Estonian officials arrested a suspect who exploited a vulnerability and downloaded 286,438 ID scans from the Identity Documents Database.
- Estonian officials arrested a Tallinn man who exploited a vulnerability to access a government database and downloaded 286,438 ID scans from the Identity Documents Database (KMAIS).
- The Cybercrime Bureau of the National Criminal Police and RIA joint investigation started after RIA was alerted higher than a usual number of queries.
Estonian officials arrested a suspect who exploited a vulnerability and downloaded 286,438 ID scans from the Identity Documents Database.
The attacker was arrested on July 23, and the identity of the suspect was not disclosed; he was only identified as a Tallinn based male.
Officials said the suspect discovered a vulnerability in a database governed by the Information System Authority (RIA), the Estonian government agency that manages its IT systems.
“During the searches, investigators found the downloaded photos from a database in the person's possession, along with the names and personal identification codes of the people," said Oskar Gross, head of the police's cybercrime unit.
"Currently, we have no reason to believe that the suspect would have used or transmitted this data maliciously, but we will further clarify the possible motives for the act in the course of the proceedings."
The attacker downloaded the government document photos using the targets' names and personal ID codes (available from various public databases).
RIA added that the stolen data could not be used to conduct notarial or financial transactions or gain entry to state digital services by impersonating the impacted individuals.
"People whose document photos have been stolen need not apply for a new physical or digital document (passport, ID-card, residence permit card, mobile-ID or Smart-ID, etc.) or take a new document photo. All identity documents and photos remain valid."
The agency said it is currently notifying all the affected Estonian citizens via email by the Estonian Police and Border Guard Board.
For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin, and Twitter.
You may be interested in reading: How to Survive the COVID Time Cyber Security Threats?