Authorities have discovered that some 15,000 ID cards due to be deactivated in 2014 remained usable for Estonia’s e-services for more than a year.
An error in the systems of the Ministry of the Interior’s IT and development center, SMIT, prevented the cards from getting fully deactivated, tech news portal Geenius.ee reported on Wednesday.
While the physical cards were actually deactivated, their digital certificates remained valid, which means that any accounts of digital services connected to the cards were still accessible with the appropriate information.
As the Police and Border Guard Board (PPA) explained to Geenius.ee, the glitch mainly concerned cards that expired automatically, thus affecting the certificates of deceased Estonian residents, cases of name changes e.g. through marriage, and so on.
Of all the cards that remained valid, the certificates of 353 were used after their expiration dates, 258 of which belonged to people that were no longer alive, the PPA told Geenius.ee.
Looking into the use of those 285 cards, the PPA ascertained illicit use only in a single case, resulting in a currently ongoing criminal investigation.
According to authorities, the problem has been solved, and all the remaining certificates cancelled. SMIT announced that they are preventing similar events from occurring in the future by adding checks to the system.