As of Monday afternoon, approximately 223,000 people with Estonian ID cards containing a chip affected by a security flaw have updated their certificates, according to the Information System Authority (RIA).
About 180,000 people had remotely updated their certificates, and another approximately 43,000 had done so at Police and Border Guard Board (PPA) service points.
All ID cards with suspended certificates will remain valid as photo ID, and as travel documents within the Schengen zone. They can also continue to be used as bonus cards in participating stores and to pick up prescription medications at pharmacies.
The certificates of affected cards can be updated either remotely or in person at PPA service points through March 31, 2018.
Certificates suspended in early November
On Thursday, Nov. 2, the Estonian government decided at a Cabinet meeting to suspend the certificates of Estonian ID cards vulnerable to a detected security risk, which numbered approximately 800,000 in total, at midnight the next night.
Prime Minister Jüri Ratas explained at a government press conference that evening that the Czech researchers who had initially discovered the security risk affecting all ID cards issued in Estonia beginning Oct. 16, 2014, including national IDs and the ID cards issued to Estonian e-residents, had published their research in full that week, which increased the risk of the vulnerable ID cards being exploited to a critical level.
ID cards issued prior to Oct. 16, 2014 used a different kind of chip and are not affected by the current risk; also unaffected are ID cards issued beginning at the end of last month.
Police have also urged residents who actively use their ID cards as electronic ID to also sign up for the SIM card-based Mobile ID, which is likewise unaffected by the security risk.
Editor: Aili Vahtla
Source: BNS, ERR