A data breach affecting 20 million people has put the entire population of Ecuador at risk. Following the revelation, government officials responded immediately by launching an investigation. Authorities have arrested a senior executive of Novaestrat, a local data analytics firm in Ecuador. The firm is accused of leaving the sensitive information on an unsecured server.
What information was exposed?
Security firm vpnMentor spotted the breach on a Miami-based Elastic server whilst conducting its own project. The information on the server appears to be from Ecuadoran registries, a national bank and an automobile associate. The firm immediately alerted Ecuadorian authorities and once the breach was closed, the government launched an inquiry.
According to the report published by vpnMentor, the data leak includes full names, social security numbers, contact information and home addresses of 20 million people. In other parts of the database, employment information such as job titles, salaries as well as financial information like credit type and current balance were discovered.
The exposed data also included the National Identification number for Julian Assange, founder of Wikileaks who lived in the Ecuadorian Embassy from 2012 until this year when he was arrested by British enforcement officials.
Some of the exposed data belonged to deceased individuals. Ecuador has a population of 16 million and it remains unseen how many living citizens are affected in the data breach.
Response from Ecuadorian Government
In a statement issued on Tuesday, Ecuadorian officials said a man identified as William Roberto G (Novaestrat’s legal representative) has been arrested. Ministry officials are looking into how Novaestrat obtained the sensitive information, but they maintain the company did not hack or breach Ecuador’s servers.
How will the breach affect people?
Expert advice in vpnMentor’s report states, “Once data has been exposed to the world, it can’t be undone. The database is now closed, but the information may already be in the hands of malicious parties.”
The breach now places millions of people at risk of email and phone scams, phishing attacks, theft and financial fraud. This is not the first data breach to hit Ecuador. In 2016, hackers stole $12 million from Ecuador’s Bando del Austro bank by breaching its payment system.
Across the board, there are warning signs of hackers taking advantage of weak security systems as countries and companies move towards digitalising personal data. A couple of months ago, a hacker also exposed the personal data of five million Bulgarian citizens. This is yet another wake-up call for governments and companies to invest more in technology that prevents cyber-attacks and review processes for third party handling of personal information.
Jamal Ahmed, Kazient’s lead Privacy and GDPR compliance consultant comments, “Governments across the globe must take responsibility for protecting the privacy of their citizens by updating and enforcing appropriate privacy legislation. We live in an age where individuals are very vulnerable to serious harm if their personal data is not adequately protected.”
In the wake of the breach, Ecuador’s president Lenin Moreno has asked the government to expedite the process of passing a new data privacy law.
Kazient Privacy Experts offer bespoke Data Protection, Privacy and GDPR compliance solutions in a language you understand to UK and international organisations, and has received positive media coverage across Europe. Kazient’s GDPR consultants are fully certified to be your outsourced Data Protection Officer or EU Representative. Get in touch to find out how we can help your business by visiting our website www.kazient.co.uk or calling us on 0330 022 9009.
Mahmoudat Sanni-Oba is a Data Privacy Analyst for Kazient Privacy Experts. She earned a Bachelor's degree in Accounting and Finance from LSE in 2018 and has a keen interest in technology and data protection.
