The data by the Estonian Information System Authority shows that several important Estonian web services experienced outages in August and a major wave of denial-of-service attacks began in the second half of the month, targeting both public and private websites.
The authority recorded 305 incidents with an impact in August.
Among others, the websites of Tallinn Airport and the Estonian Tax and Customs Board, as well as estonia.ee, a website introducing Estonia, were attacked.
A major wave of cyber attacks started around 20 August – when the country celebrates the date it regained independence from the Soviet Union in 1991 – targeting both public and private websites. Estonian media companies – Delfi, Äripäev and Lääne Elu – were also targeted, causing their websites to experience short-term interruptions.
People’s private information exposed
There were several high-impact incidents – for example, mobile-ID was not available for almost half an hour on the telecommunication company Elisa’s network.
The basic services of the Estonian Health Insurance Fund, such as the digital prescription and the insurance verification, could not be used within 30 minutes due to malfunctions in the X-Road data exchange layer.
“A couple of times, there were also interruptions in the operation of the state portal eesti.ee. After the update, the business services no longer worked properly and due to a technical error, it was possible to see the personal data of another person during a five-minute period: their name, email address, phone number and information about related companies,” the Information System Authority said in a statement.
During the night of 21 August, several services provided by the IT and Development Centre of the Estonian interior ministry were disrupted for nearly four hours. Due to the incident, the waiting time of 112 emergency calls may have been longer than usual – up to 30 seconds instead of the usual five to six seconds.