The penalty comes after the cyber attack in April

The Commission for the Protection of Personal Data (CPPD) has drawn up an act for BGN 1 mln. to "Bulgarian Posts".

The act is about the fact that the company "failed to implement appropriate technical and organizational measures" before and during the cyber attack on April 16 and so has allowed malware to encrypt sensitive databases.

No sensitive data was leaked but adequate technical and organizational measures were not implemented before and during the cyber attack.