In 2019, the Bulgaria National Revenue Agency servers were hacked, compromising personal data of approximately six million people. KDBM believes the hack was partly due to deficient security practices and technical infrastructure, and that the Agency violated European law by not informing affected people about which data had been compromised.
KDBM are taking collective action on behalf of all those affected by the data breach, demanding that the Bulgaria National Revenue Agency introduce new technical and organisational measures in line with European data protection standards.