site.btaComputer Whiz Gets Suspended Sentence over 2019 Revenue Agency Data Breach

A computer specialist accused of leaking personal data from Bulgaria’s revenue administration has received a suspended nine-month sentence with three years’ probation, under a plea deal approved by the Sofia City Court. The case stems from a massive cyber breach in 2019 that exposed the personal details of millions of Bulgarians.

Kristian Boykov was also ordered to pay over BGN 13,000 in legal costs.

The initial plea deal - which proposed a BGN 2,500 fine - was rejected by the court, prompting a change in the charges and further negotiations that led to the current suspended sentence.

This marks the end of a case that saw multiple delays and legal setbacks. There were two failed attempts to begin trial proceedings after the prosecution repeatedly sought to reach a settlement, but the court declined to approve earlier proposals.

Kristiyan Boykov was initially charged with terrorism following the 2019 leak of personal data from NRA, in what was then described as one of the largest data breaches in Bulgarian history. The case was returned to the prosecution by the Sofia City Court due to serious procedural violations.

At one point, Ivan Todorov, owner of the cybersecurity firm TAD Group which was Boykov's employer, was also named as a defendant in the case. Both he and Boykov were charged with crimes against the Republic, accused of attempting to create public fear and unrest through the leak. TAD's Trade Director Georgi Yankov was also charged but the charges were dropped for lack of evidence. 

The case originally began under the jurisdiction of the now-defunct Specialized Prosecution Office. The investigation stretched over four years and was sent back to the prosecution on more than one occasion for correction of procedural errors before it was finally submitted to court.