Estonia arrests hacker for stealing 286K ID scans

A Tallinn man was arrested in Estonia on suspicion of downloading ID scans of 286,438 Estonians from the Identity Documents Database (KMAIS) by exploiting a vulnerability in a government image transfer service.


The hacker was apprehended on July 23 after a joint investigation by the National Criminal Police’s Cybercrime Bureau and RIA, which began when RIA was alerted to a higher-than-usual number of queries.


During the searches, detectives found the images downloaded from the database in the suspect’s possession, along with the names and personal identification codes of the people concerned, according to Oskar Gross, chief of the police’s cybercrime unit.


Using the names and personal ID codes of the targets, the suspect downloaded government document pictures from several public databases.


The stolen information could not be used to impersonate the affected individuals in order to carry out notarial or financial transactions or to gain access to state digital services.


Individuals whose document photos have been stolen do not need to apply for a new physical or digital document (passport, ID card, residency permit card, mobile-ID or Smart-ID, and so on) or take a new document photo, according to the RIA. All of their identification documents and photos remain valid.


Although the vulnerability was introduced into the system several years ago and could have been exploited earlier, there is no trace of a previous attack.


The data was not transferred from the suspect’s computer after it was stolen from KMAIS, according to RIA, and he may not have used it in any way.


The Estonian Police and Border Guard Board will send an email to all Estonian individuals whose ID scans and personal information were stolen during the incident.


This incident, according to RIA, is unrelated to a breach that occurred earlier this month on the state portal’s access rights management system, exposing the personal data of over 300,000 people.


