<https://www.theguardian.com/world/2019/jul/18/wizard-hacker-charged-after-fi...> A 20-year-old cybersecurity worker has been arrested in Bulgaria and charged with hacking the personal and financial records of millions of taxpayers, as police continue to investigate the country’s biggest ever data breach. Bulgaria’s NRA tax agency is facing a fine of up to €20m ($22.43m) over the hack, which was revealed this week and is thought to have compromised the records of nearly every working adult among the country’s population of 7 million. Speaking at a government meeting on Wednesday, prime minister Boyko Borissov described the arrested man as a “wizard” hacker and said the country should hire similar “unique brains” to work for the state. But some experts who have examined the stolen data said the techniques used in the attack were relatively basic and spoke more to a lack of adequate data protection measures than the hacker’s ability. “The reason for the success of the attack does not seem to be the sophistication of the hacker, but rather poor security practices at the NRA,” said Bozhidar Bozhanov, chief executive at cybersecurity firm LogSentinel. Yavor Kolev, head of the police’s cybersecurity unit, said the male suspect was arrested on Tuesday afternoon. Officers raided his home and office in the capital, Sofia, and seized computer devices containing encrypted data. The investigation into the hack was still at an early stage, he added, and police were looking into the possibility that other people were involved. Bulgaria’s finance minister, Vladislav Goranov, has apologised for the attack, which exposed the names of millions of people and companies and revealed information about incomes, tax declarations, health insurance payments and loans. Sofia city prosecutors said the man had been charged with a computer crime, would be held for another three days and faced up to eight years in jail if found guilty. The attack has reignited a long-running debate about lax cybersecurity standards in Bulgaria. A person claiming to be a Russian hacker and responsible for the breach emailed local media on Monday and denounced the government’s cybersecurity efforts as a “parody”. [...]