Estonia Launches International Search for Suspect in Major Data Breach

Estonian authorities have launched a global manhunt for a Moroccan man accused of carrying out one of the country's biggest data breaches.

The suspect, 25-year-old Adrar Khalid, is believed to have illegally accessed the customer database of Allium UPI, the parent company of Estonia’s well-known pharmacy chain, Apotheka. The breach happened in February 2024.

Police say Khalid may have logged into the system using administrator credentials. Investigators are still trying to figure out how he got the password. Reemo Salupõld, who leads the cybercrime investigation team, said Khalid is suspected of deliberately using high-level access to download sensitive information.

The stolen data includes nearly 700,000 personal ID numbers, more than 400,000 email addresses, close to 60,000 home addresses, and about 30,000 phone numbers. Records of non-prescription drug purchases dating back to 2014 were also taken, but officials confirmed no prescription data was involved. So far, there is no evidence that the stolen data has been misused.

The Estonian Prosecutor General has issued an arrest warrant for Khalid and placed him on an international wanted list. If caught in another country, Estonia will request his extradition.

Allium UPI, which runs pharmacy and healthcare businesses in Estonia, Latvia, and Lithuania, publicly admitted to the data breach in February. The company manages customer loyalty programs for Apotheka, Apotheka Beauty, and PetCity.

The investigation is still ongoing.