Despite many users continuing to encounter difficulties, as of Thursday morning, 35,000 people had renewed the security certificates for their Estonian ID cards, patching a potential security risk first detected in late August.
Information Systems Authority (RIA) communications director Helen Uldrich told ERR's online news portal that since Oct. 25, a total of 35,000 people have either remotely updated their certificates or visited a Police and Border Guard Board (PPA) service point in person to have their certificates renewed.
Over 7,700 people renewed their certificates on Nov. 1, and another 2,400 had renewed their certificates overnight.
"Errors may still occur," Uldrich noted. "We are working to restore the system's stability."
Approximately 18,000 card holders will be unable to update their certificates remotely due to technical reasons; they have been contacted directly via email.
800,000 cards vulnerable
A total of 800,000 cards are vulnerable to the detected security risk, 500,000 of which are in active use as digital IDs. According to the PPA, 45,000 cards are in very intensive use.
Police have urged residents who actively use their ID cards as electronic ID to also sign up for the SIM card-based Mobile ID, which is unaffected by the security risk.
For security reasons, Estonia will restrict the electronic use of unpatched ID cards in the next few days. The certificates associated with the cards affected by the security risk will be revoked on April 1 next year, which means that holders of affected cards must apply for a new card if they have not updated their current cards in the meantime.
On Aug. 30, an international group of researchers informed the RIA that they had discovered a security risk affecting all ID cards issued in Estonia beginning in October 2014, including ID cards issued to Estonian e-residents.
ID cards issued prior to Oct. 16, 2014 used a different kind of chip and are not affected by the current risk. The security risk likewise does not affect Mobile-ID users.
Editor: Aili Vahtla