The European Commission said that it has sent a letter of formal notice to Bulgaria, urging the country to bring its legislation in line with the EU directive on protection against cybercrime.
The Commission has identified a number of issues in Bulgarian cybersecurity laws, in particular regarding certain offences and the respective penalties, it said in in a monthly infringement decisions package published on Thursday.
The EU's Directive on Attacks against Information Systems requires member states to strengthen national cybercrime laws and introduce tougher criminal sanctions, including for large-scale cyber-attacks. Member States are also obliged to improve cooperation between their authorities through operational points of contact, available 24 hours a day 7 days a week, the Commission said. Bulgaria now has two months to respond to the arguments put forward by the Commission.
In August, Bulgaria's Commission for Personal Data Protection imposed a 1 million levs ($565,000/511,200 euro) fine on local DSK Bank, part of Hungarian banking group OTP, over unlawfully disclosed personal data of customers of the bank. The personal data of 33,492 customers of DSK Bank from 23,270 loan files also containing personal data of an unlimited number of related persons was left without adequate protection by the bank, the personal data protection commission said at the time.
In July, Bulgaria's National Revenue Agency (NRA) reported unauthorized access to about 3% of its database in an investigation of a hacker attack that led to a massive leakage of personal data of Bulgarian and foreign citizens and companies.