Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Estonia arrests hacker who stole 286K ID scans from govt database

Estonia arrests hacker who stole 286K ID scans from govt database

Image: Stanislav Rabunski

A Tallinn man was arrested a week ago in Estonia under suspicion that he has exploited a government photo transfer service vulnerability to download ID scans of 286,438 Estonians from the Identity Documents Database (KMAIS).

The attacker was apprehended on July 23, following a Cybercrime Bureau of the National Criminal Police and RIA joint investigation that started after RIA was alerted of a higher than the usual number of queries.

“During the searches, investigators found the downloaded photos from a database in the person’s possession, along with the names and personal identification codes of the people,” Oskar Gross, head of the police’s cybercrime unit, said.

“Currently, we have no reason to believe that the suspect would have used or transmitted this data maliciously, but we will further clarify the possible motives for the act in the course of the proceedings.”

Also Read: 4 Reasons Why You Need an Actively Scanning Antivirus Software

Stolen info cannot be used for fraud

The suspect downloaded the government document photos using the targets’ names and personal ID codes (available from various public databases).

RIA added that the stolen information could not be used to perform notarial or financial transactions or gain access to state digital services by impersonating the impacted individuals.

“It is not possible to gain access to e-services, give a digital signature, or to perform different financial transactions (incl. bank transfers, purchase and sales transactions, notarial transactions, etc.) using a document photo, personal identification code, or name,” RIA Director General Margus Noormaa added.

“People whose document photos have been stolen need not apply for a new physical or digital document (passport, ID-card, residence permit card, mobile-ID or Smart-ID, etc.) or take a new document photo. All identity documents and photos remain valid.”

All impacted individuals to be notified via email

Although the vulnerability was introduced in the system and could’ve been exploited several years ago, current evidence doesn’t show that such an attack has happened since then.

RIA also said that the data was not transferred from the suspect’s computer after it was stolen from KMAIS, and there is no reason to believe that it was misused in any way.

All Estonian citizens who had their ID scans and personal information stolen during the incident will be notified via email by the Estonian Police and Border Guard Board.

RIA added that this incident is not connected with another breach disclosed earlier this month when the personal data of over 300,000 people was exposed on the state portal’s access rights management system.

Also Read: What is Social Engineering and How Does it Work?



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us