The Central Criminal Police this week processed two young men suspected of breaching the information system of parcel terminal operator Itella and downloading the personal data of around 10,000 users last fall.
According to preliminary suspicions, two Estonian young mean, aged 15 and 19, gained access to Itella's information system and download the data of 10,000 people. The suspects compiled a detailed overview of the vulnerability which they published online, along with data including Itella customers' names, email addresses and cell phone numbers.
The investigation is based on provisions of the Penal Code dealing with illegally accessing computer systems. The 19-year-old is also suspected of using a fake ID.
Ago Ambur, head of the cybercrime bureau of the Central Criminal Police, said that the suspects were identified despite their attempts to cover their tracks.
Ambur explained that trawling for security vulnerabilities, either out of financial or intellectual interest, is a widespread phenomenon in the cyber world and there are legal ways of looking for vulnerabilities and reporting them responsibly.
"In this case, the information system was breached without the owner's consent, sensitive data downloaded and detailed information posted on social media for everyone to read," Ambur added.
Prosecutor Vahur Verte said that the investigation will have to determine the motives and the precise role of the suspects. The prosecution will decide on further steps once it is concluded.
The investigation is being carried out by the Central Criminal Police's cybercrime bureau on behalf of the Office of the Prosecutor General.
Editor: Marcus Turovski