Prosecutors have charged two workers at a cybersecurity company with terrorism as part of an investigation into Bulgaria’s biggest-ever data breach, a lawyer for the defendants said on Wednesday.
Georgi Yankov, a manager at the company Tad Group, has been charged and released from custody, Georgi Stefanov said.
Earlier charges of crime against information systems against Kristian Boykov, a 20-year-old cybersecurity worker at the same company, have been changed to terrorism, he added.
Both deny wrongdoing, Stefanov said.
Prosecutors were not immediately available for comment.
“We are very surprised with these charges,” Stefanov told Reuters. “How do you charge someone with terrorism but let them go?” he added.
On Tuesday, police raided the offices of Tad Group, seizing computers and detaining a manager over last month’s cyber attack on the tax agency, in which nearly every Bulgarian adult’s personal data and financial records were compromised.
Boykov was conditionally released from custody last Wednesday, but banned from leaving the country.
Prosecutors have said they believe Boykov did not act alone and were looking for others in connection with the attack.
Prosecutors believe Boykov was behind an email sent from someone purporting to be a Russian hacker who was offering stolen tax agency files to local media. They do not currently believe the attack came from abroad.
Prosecutors said decrypted data from one of Boykov’s computers led them to conclude for the time being that he had the stolen data before it was published online.
The tax agency is facing a fine of up to 20 million euros (£17.84 million) over the breach, which officials have said compromised about 3% of the agency’s database.
According to financial newspaper Capital, the leaked data also included files from the EU’s anti-fraud network EUROFISC, which allows national tax administrations to share information on fraudulent activities and combat organised VAT fraud.
On Wednesday, the tax agency said it would contact 189 Bulgarians whose full names, personal identification numbers, addresses and ID card details were among the leaked data.
The other more than four million Bulgarians affected by the breach do not need to change their ID cards, the agency said.
The agency has informed notaries, banks and credit lenders in the Balkan country over the data breach and urged them to be extra vigilant in approving property deals or extending loans.