Bulgaria: Cyber Incident Temporarily Disrupts Government Online Services
On April 19, 2026, a cyber incident led to temporary disruptions in access to online services operated by Bulgarian government institutions, including the Ministry of e-Government and the Council of Ministers.
During the same timeframe, the national e-government portal egov.bg experienced a temporary outage, along with access issues affecting other key public systems.
According to official statements, internal systems remained operational and were not compromised, with the disruption primarily affecting connectivity and service availability.
What We Know So Far
Available information indicates:
- Internet connectivity of key government institutions was impacted
- The egov.bg portal was temporarily unavailable
- Access issues were observed for systems such as the National Revenue Agency and Customs Agency
- No evidence of data breach or system compromise has been reported
- Services were restored after a short disruption
There is no official confirmation of the attack vector. However, similar patterns are commonly associated with DDoS activity or infrastructure-related disruptions.
Why This Matters
Even without data compromise, incidents like this directly impact:
- citizen and business access to digital services
- trust in public digital infrastructure
- operational continuity of government services
Public-facing platforms are a critical access layer and remain a primary target in disruption-focused attacks.
DIAMATIX Perspective
This incident reflects a recurring pattern.
The objective is not necessarily a breach, but service disruption and availability impact.
Key takeaways:
- Internet-facing services are the primary pressure point
- Operational systems may remain intact while services become unavailable
- Response time directly affects trust and continuity
Effective protection requires:
- 24×7 monitoring and traffic analysis
- early anomaly detection
- structured incident response processes
- resilient service architecture
Under NIS2, such events are not only technical incidents but also compliance-relevant.
CISO Analysis
From a CISO perspective, this is a classic availability-focused incident:
- availability is impacted without data compromise
- operations are disrupted without breach
- the external attack surface remains the weakest point
Recommended actions:
- monitor for abnormal external traffic patterns
- implement perimeter protection (WAF, DDoS mitigation)
- segment public and internal systems
- test service disruption scenarios regularly
The key question is not only security, but resilience under pressure.
Sources
- NOVA News – initial reporting
- Ministry of e-Government (Bulgaria) – official statements
- Public service availability observations (egov.bg)
