A Tallinn man was arrested a week ago in Estonia under suspicion that he has exploited a government photo transfer service vulnerability to download ID scans of 286,438 Estonians from the Identity Documents Database (KMAIS).
The attacker was apprehended on July 23, following a Cybercrime Bureau of the National Criminal Police and RIA joint investigation that started after RIA was alerted of a higher than the usual number of queries.
During the searches, investigators found the downloaded photos from a database in the person’s possession, along with the names and personal identification codes of the people, Oskar Gross, head of the police’s cybercrime unit, said.
Currently, we have no reason to believe that the suspect would have used or transmitted this data maliciously, but we will further clarify the possible motives for the act in the course of the proceedings.