Dark Web News Analysis
A threat actor on a known cybercrime forum is advertising the alleged sale of a database containing 378,590 records of Bulgarian citizens. This claim, if true, represents another critical, large-scale data breach in a country whose population has already been almost entirely compromised.
My analysis confirms this is NOT related to the infamous 2019 National Revenue Agency (NRA) hack, which leaked the data (including national IDs and tax info) of over 5 million citizens.
This appears to be a new, separate breach from a different source (likely a large e-commerce or retail company, given the “billing and shipping” addresses).
The data for sale is exceptionally sensitive:
- Full PII (Names, DOB, Gender)
- Contact Info (Emails, Phone Numbers)
- Full Physical Addresses (Billing and Shipping), ZIP codes, etc.
The seller is asking for only $60. This absurdly low price makes this “goldmine” of data accessible to every level of criminal, guaranteeing it will be widely abused for mass identity theft, financial fraud, and highly targeted social engineering (phishing, vishing) campaigns.
Key Cybersecurity Insights
This alleged data breach presents a critical and immediate threat:
- Massive PII Exposure: Nearly 380,000 Bulgarian citizens’ highly sensitive personal information, including full names, contact details, and precise physical addresses, is compromised and available for illicit purchase.
- High Risk of Identity Theft and Fraud: The combination of names, contact information, addresses, and demographic data (DOB, gender) provides a rich foundation for sophisticated identity theft, account takeover attempts, and various forms of financial fraud.
- Low Barrier to Entry for Attackers: The extremely low price point ($60 for 378,590 records) makes this extensive dataset accessible to a broad spectrum of cybercriminals, significantly lowering the cost and effort required for malicious campaigns.
- Enabling Targeted Social Engineering: The detailed PII can be leveraged for highly personalized and convincing phishing (email), smishing (SMS), vishing (voice), and other social engineering attacks aimed at individuals, making them more susceptible to further compromise.
Mitigation Strategies
In response to this systemic threat, organizations must take immediate and decisive action under GDPR:
- Implement Robust Data Encryption and Access Controls: Encrypt all sensitive PII both at rest and in transit, and enforce strict, role-based access controls to ensure that only authorized personnel can access or handle customer data.
- Enhance Multi-Factor Authentication (MFA) Adoption: Mandate MFA for all internal systems and strongly encourage or require it for customer-facing applications to mitigate account takeover risks even if credentials are leaked.
- Conduct Regular Employee Cybersecurity Awareness Training: Provide ongoing training to employees on identifying and reporting phishing and other social engineering tactics, and on recognizing suspicious requests that could lead to data exfiltration.
- Deploy Advanced Data Loss Prevention (DLP) Solutions: Utilize DLP tools to monitor, detect, and prevent unauthorized attempts to transfer sensitive data outside the organizational network, identifying potential breaches before they escalate.
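The DLP item above, sketched as an added example (not Brinztech's code or any vendor's product): a check that blocks an outbound payload when too many rows combine several of the PII types named in this listing. The regex formats, thresholds and function names are assumptions chosen for illustration, and the sample data is constructed.

```python
import csv
import io
import re

# Patterns for field types named in the listing (formats are assumptions).
EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Bulgarian numbers: +359 or a leading 0, then 8-9 digits (assumption).
PHONE = re.compile(r"(?:\+359|0)\d{8,9}")
# Dates of birth as YYYY-MM-DD or DD.MM.YYYY (assumption).
DOB = re.compile(r"(?:19|20)\d{2}-\d{2}-\d{2}|\d{2}\.\d{2}\.(?:19|20)\d{2}")


def classify_row(cells):
    """Return the set of PII field types found in one record."""
    found = set()
    for cell in cells:
        value = cell.strip().replace(" ", "")  # tolerate spaced phone numbers
        if EMAIL.fullmatch(value):
            found.add("email")
        elif PHONE.fullmatch(value):
            found.add("phone")
        elif DOB.fullmatch(value):
            found.add("dob")
    return found


def scan_outbound(payload, min_types=2, max_records=3):
    """Flag a payload when too many rows combine several PII types.

    A single email address in a receipt is normal traffic; hundreds of
    rows pairing email, phone and date of birth look like a bulk export.
    """
    rows = csv.reader(io.StringIO(payload))
    hits = sum(1 for row in rows if len(classify_row(row)) >= min_types)
    return {"pii_records": hits, "block": hits > max_records}


# Constructed sample data (not real people).
BULK_EXPORT = "\n".join(
    f"Person {i},198{i}-01-0{i},user{i}@example.com,+35988800000{i},Sofia 1000"
    for i in range(1, 6)
)
SINGLE_RECEIPT = "Order 17,Person 1,user1@example.com,Sofia 1000"

if __name__ == "__main__":
    print(scan_outbound(BULK_EXPORT))
    print(scan_outbound(SINGLE_RECEIPT))
```

Counting records that combine field types, rather than matching any single email or phone number, keeps routine messages from triggering the block while still catching customer-table exports.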
Questions or Feedback? For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com