Prosecutors have charged two workers at a cyber-security company with terrorism in an investigation into Bulgaria's biggest data breach.
It comes after a cyber attack on Bulgaria's tax agency, which compromised the personal data and financial records of every adult citizen.
Georgi Yankov, a manager at the company Tad Group, was charged with terrorism and released from custody, his lawyer Georgi Stefanov said on Wednesday.
Kristian Boykov, 20, a cyber-security worker at the company, has also been charged with terrorism.
Both deny any wrongdoing, Mr Stefanov said.
"We are very surprised with these charges," he said. "How do you charge someone with terrorism but let them go?"
On Tuesday, police raided the Tad Group offices, seizing computers and detaining a manager over last month's cyber attack.
Mr Boykov was conditionally released from custody last Wednesday but banned from leaving the country.
Prosecutors believe he did not act alone and were looking for others in connection with the attack.
They say Mr Boykov was behind an email sent by someone claiming to be a Russian hacker who was offering stolen tax files to local media. Prosecutors do not believe the attack came from abroad.
They said decrypted data allegedly from one of Mr Boykov's computers led them to conclude for the time being that he had the stolen data before it was published online.
The tax agency is facing a fine of up to €20 million (Dh81.8m) over the breach, which officials say compromised about 3 per cent of the agency's database.
The leaked data also included files from the EU's anti-fraud network Eurofisc, which allows national tax administrations to share information on fraudulent activities and fight organised VAT fraud, financial newspaper Capital reported.
On Wednesday, the tax agency said it would contact 189 Bulgarians whose full names, personal identification numbers, addresses and ID card details were among the leaked data.
The four million Bulgarians affected by the breach do not need to change their ID cards, the agency said.
It has informed notaries, banks and credit lenders in the country about the data breach and urged them to be especially vigilant in approving property deals or extending loans.
