Language switcher

You are here

Estonian Ministries Report Cybersecurity Incidents and Data Breach

Estonian Information System Authority (known as RIA) announced that three government ministries reported cybersecurity incidents in November resulting in significant breaches of personal data. The Ministry of Economics and Communication, Ministry of Foreign Affairs and Ministry of Social Affairs were impacted. 

The affected ministries have been working with RIA to analyse the attack vectors of the breach and contain the intrusions. The three attacks bear similarities as all were directed toward the web server infrastructure. 

The information stolen from the Ministry of Social Affairs included data regarding the containment of infectious diseases which affected 9158 people. The Health and Welfare Information Systems Centre was able to restrict the access to their systems within 8 hours. The Estonian Health Board will be contacting the persons affected in the near future. 

The incidents also affected multiple servers at the Ministry of Economy and Communications. “Despite the seriousness of the incidents there is no threat of disruption of state services. To help counter the threat we have engaged experts from the public and private sector. Now that the initial mitigation efforts are done we need to work together all across the country to keep such attempts from being successful,” Raul Rikk, Head of Cybersecurity Policy at the Ministry of Economy and Communications, said. 

In the incident concerning the Ministry of Foreign Affairs, a database containining information already accessible to the public was copied but no restricted documents or sensitive personal information were retrieved.

“We consider these breaches serious,” Lauri Aasmann, Director of Cyber Security at RIA, said. “The situation is under control as of now. We have informed our partners in the public and private sector about details of these incidents which will help secure against similar attempts in the future. RIA will continue to assess the incidents. We have notified the vendors of these vulnerabilities and patches are already available,” he added. 

The National Criminal Police has commenced an investigation regarding unlawful access to computer systems. The investigation is being led by the Office of the Prosecutor General. 

RIA has compiled the initial details of the incident and shared its recommendations with the IT-security experts at Estonian public sector institutions and operators of vital services.

Seiko Kuik
Press Officer of the Information System Authority
5851 7028 
seiko.kuik [at]

More news on the same subject


Trends and Challenges in the cyberspace Q2 2021

20.7.2021 – Ransomware attacks continue. Cybersecurity of the service provider is also your risk. Elections are not the place for experimenting with facial recognition. A Joint Cyber Unit for Europe?


RIA has compiled an information security guidebook for the public sector

2.6.2021 – The Information System Authority (RIA) and its partners have updated the Estonian information security standard (E-ITS), which contains data on information security threats and provides measures for public sector authorities to help maintain security in their systems.