Security risk detected in Estonian ID card

  • 2017-09-05
  • LETA/TBT Staff

TALLINN - A security risk has been identified with 750,000 Estonian ID cards issued after Oct. 16, 2014, spokespeople for the government said on Tuesday.

The Estonian Information System Authority (RIA) said that an international group of researches on Aug. 30 notified RIA of the detection of a security risk which affects ID cards issued in Estonia since October 2014.

"According to the current estimate of Estonian experts, the security risk exists and we will continue checking the claims of the scientists," RIA Director General Taimar Peterkop said in a press release. "We have already developed the primary solutions to mitigate the risks, and we will do our utmost to ensure that the security of the ID card is guaranteed."

According to current information, this security risk has not materialized and nobody's digital identity has been thereby misused, Peterkop said. "All ID card operations are still valid and we will take appropriate actions to secure the functioning of our national digital ID infrastructure. We have restricted the access to Estonian ID card public key database to prevent any illegal actions."

"The Estonian digital society is using cutting edge innovative technologies. Those new technologies provide good value and services for the public, but may also impose risks. What's important is that the potential risks are detected and mitigated. This particular case is a good example of how scientific discovery can impose impact to risk profile and Estonia has to solve them," Peterkop added.

The potential security risk affects ID cards issued since October 2014, including cards issued to e-residents, which number approximately 750,000.

No actual identity theft has taken place.

Cards issued before Oct. 16, 2014 use a different microchip and are not affected by the fault.

The risk does not affect Mobile ID and ID cards continue to be functional.