Language switcher

You are here

Estonian Ministries Report Cybersecurity Incidents and Data Breach

Estonian Information System Authority (known as RIA) announced that three government ministries reported cybersecurity incidents in November resulting in significant breaches of personal data. The Ministry of Economics and Communication, Ministry of Foreign Affairs and Ministry of Social Affairs were impacted. 

The affected ministries have been working with RIA to analyse the attack vectors of the breach and contain the intrusions. The three attacks bear similarities as all were directed toward the web server infrastructure. 

The information stolen from the Ministry of Social Affairs included data regarding the containment of infectious diseases which affected 9158 people. The Health and Welfare Information Systems Centre was able to restrict the access to their systems within 8 hours. The Estonian Health Board will be contacting the persons affected in the near future. 

The incidents also affected multiple servers at the Ministry of Economy and Communications. “Despite the seriousness of the incidents there is no threat of disruption of state services. To help counter the threat we have engaged experts from the public and private sector. Now that the initial mitigation efforts are done we need to work together all across the country to keep such attempts from being successful,” Raul Rikk, Head of Cybersecurity Policy at the Ministry of Economy and Communications, said. 

In the incident concerning the Ministry of Foreign Affairs, a database containining information already accessible to the public was copied but no restricted documents or sensitive personal information were retrieved.

“We consider these breaches serious,” Lauri Aasmann, Director of Cyber Security at RIA, said. “The situation is under control as of now. We have informed our partners in the public and private sector about details of these incidents which will help secure against similar attempts in the future. RIA will continue to assess the incidents. We have notified the vendors of these vulnerabilities and patches are already available,” he added. 

The National Criminal Police has commenced an investigation regarding unlawful access to computer systems. The investigation is being led by the Office of the Prosecutor General. 

RIA has compiled the initial details of the incident and shared its recommendations with the IT-security experts at Estonian public sector institutions and operators of vital services.
 

Seiko Kuik
Press Officer of the Information System Authority
5851 7028 
seiko.kuik@ria.ee

More news on the same subject

12.01.2021

Trends and observations in the cyberspace Q4 2020

A successful cyber attack on public authorities showed that no one is fully protected in cyberspace

Situation

12.01.2021

The last quarter of 2020 was distinguished by attacks against the IT infrastructure of Estonia

12.01.2021 – The main topic of the cyberspace review of the 4th quarter of 2020 by the Information System Authority (RIA) is successful cyber-attacks against state institutions, which showed that nobody is completely safe in the cyberspace.