Estonia sues Gemalto for €152M for the flaws in the identification cards issued by the company

The lawsuit is due to the flaws in the identification cards issued by the company

The Estonian authorities have taken legal action against the security company Gemalto, filing a lawsuit for €152M after security failures in citizen identification cards issued by the company were discovered, as reported by specialists in ethical hacking from the International Institute of Cyber Security. These defective cards will be removed later.

“The Estonian police are trying to recover €152M (about $178M USD) with a lawsuit filed on Thursday against the digital security firm Gemalto, after the authorities had to remove the citizen identification card produced by the firm, since these presented security flaws, reported several media.

The vulnerabilities found in government-issued identification cards provided by the Franco-Dutch company marked an embarrassing setback for Estonia, as this government has been ranked as the most advanced in digital matters.

In November 2017, Estonia announced that it would suspend digital security certificates of up to 760k identification cards containing defective chips to mitigate the risk of identity theft.

The decision came after an ethical hacking firm discovered a vulnerability in the chips used on the cards manufactured by Gemalto’s proprietary Trub AG, which opens the doors to different variants of malware-based attacks.

So far, Estonia had issued 1.3 million electronic identification cards that offered citizens access to a large number of online services through the state portal of “electronic government.” Estonia’s electronic identification cards had been manufactured by the Swiss company Trub AG and its successor Gemalto AG since 2001. The Estonian Government considers that the company lacked its duty to protect the personal information of its inhabitants, exposing them to different types of cyberattacks.

Estonia’s police also plan to file separate claims against Gemalto for other violations of their contract. Estonia had worked with Gemalto and its predecessor to issue their ID cards since 2002, but replaced the manufacturer with Idemia after the ethical hacking group discovered the serious security flaws in their products last year.

The company has not yet officially pronounced on the lawsuit against it.