TAD Group, a cybersecurity company in Bulgaria, was rocked recently by a scandal when a few of its employees were arrested by the police for their role in Bulgaria's biggest-ever data breach.
Police raided the offices and seized computers of TAD Group as part of their investigation. The data breach was a cyberattack on the tax agency, in which nearly every Bulgarian adult's financial records were compromised.
The leaked data also included files from the EU's anti-fraud network EUROFISC, which allows national tax administrations to share information on fraudulent activities and combat organised VAT fraud. The agency has informed notaries, banks and credit lenders in the Balkan country about the data breach and urged them to be extra vigilant in approving property deals or extending loans.
Under the GDPR, the tax agency would be subject to investigation and could possibly be fined up to €20mil (RM91.7mil) over the breach, which officials have said compromised about 3% of the agency's database.
Details of the alleged breach were still sketchy, but when an ethical hacker is alleged to have 'crossed over to the dark side' in real life, as portrayed in the popular 'Star Wars' movies, it does no good for the reputation of ethical hackers or for the trust organisations place in engaging and hiring them to help manage their cyber risks.
Coming on the heels of the arrest of Marcus Hutchins - the cybersecurity researcher who 'stopped' the WannaCry virus and was later discovered to have created and sold malware on the dark web to cyber criminals - the cybersecurity industry is obviously in need of some self-assessment and reflection to ensure that the public's trust in ethical hackers helping them to manage their organisations' cyber risks is not eroded further.
Pray this is just a rare, one-off event.