article featured image


A week ago, a hacker that is believed to have exploited a government photo transfer service flaw to download ID scans of 286,438 Estonian citizens from the Identity Documents Database (KMAIS) has been apprehended in Estonia.

The Tallinn man was arrested on July 23 after a Cybercrime Bureau of the National Criminal Police and RIA joint inquiry that began following the RIA warning of an abnormal number of queries.

Oskar Gross, head of the police’s cybercrime unit declared:

During the searches, investigators found the downloaded photos from a database in the person’s possession, along with the names and personal identification codes of the people.

Currently, we have no reason to believe that the suspect would have used or transmitted this data maliciously, but we will further clarify the possible motives for the act in the course of the proceedings.

Can the Stolen Data Be Used for Fraud?

The answer is no. RIA stated that the stolen data could not be used to carry out notarial or banking transactions or obtain access to state digital services by posing as the impacted individuals.

The threat actor downloaded the government document photos using the victims’ names and personal ID codes that were obtainable from several unrestricted databases.

It is not possible to gain access to e-services, give a digital signature, or to perform different financial transactions (incl. bank transfers, purchase and sales transactions, notarial transactions, etc.) using a document photo, personal identification code, or name.

People whose document photos have been stolen need not apply for a new physical or digital document (passport, ID-card, residence permit card, mobile-ID or Smart-ID, etc.) or take a new document photo. All identity documents and photos remain valid.


What Is Gonna Happen Next?

BleepingComputer says that even though the bug was introduced in the system and could’ve been exploited several years ago, current evidence doesn’t show that such an attack has happened since then.

According to RIA, the information hasn’t been transferred from the attacker’s computer since it was stolen from KMAIS and probably wasn’t misused in any way.

All the Estonian citizens involved in the incident will be informed via email by the Estonian Police and Border Guard Board.

Author Profile

Antonia Din

PR & Video Content Manager

linkedin icon

As a Senior Content Writer and Video Content Creator specializing in cybersecurity, I leverage digital media to unravel and clarify complex cybersecurity concepts and emerging trends. With my extensive knowledge in the field, I create content that engages a diverse audience, from cybersecurity novices to experienced experts. My approach is to create a nexus of understanding, taking technical security topics and transforming them into accessible, relatable knowledge for anyone interested in strengthening their security posture.

Leave a Reply

Your email address will not be published. Required fields are marked *