How would you react if you were told that sensitive personal information of all the citizens of a country could be leaked? Shocking, isn’t it?
vpnMentor recently released an alarming report revealing that the personal data of almost all of Ecuador’s citizens has been breached. This breach was discovered by vpnMentor’s research team, headed by Noam Rotem and Ran Locar, and was tracked to an unsecured server in Miami, Florida, believed to be owned by Novaestrat, a data analytics company based in Ecuador.
Ecuador has a population of approximately 16.62 million. However, the contents of this leaked data consist of almost 18 GB of highly sensitive personal information about well over 20 million individuals. This discrepancy can be attributed to the inclusion of the personal data of deceased persons. Among the leaked data, the personal information of minors was also found. Some of these entries belonged to babies born as late as the first quarter of 2019.
The Kind of Personal Information in the Breach
The leaky database holds a wide array of personal data that can be misused against the concerned people by scammers and cybercriminals. The following is a gist of the information discovered:
- Personal information such as name, age, gender, date and place of birth, home address, marital status, educational level, cell phone numbers, email address, etc.
- Sensitive financial information like account status, current balance, credit type, taxpayer IDs, Cedula number (the Ecuadorian equivalent of a social security number), etc.
- Employment details like name and location of employer, employer’s taxpayer ID, salary information, job start and end date, etc.
- Automobile information such as the model of car and license plate number.
This data was acquired from the government’s civil registry, an Ecuadorian bank, and the Association of Automotive Companies of Ecuador.
The authenticity of some of these credentials was verified by ZDNet by contacting some of the people in the database.
Implications of the Ecuador Data Breach
vpnMentor reported the exposed data to Ecuador’s telecommunications ministry on 11 September, and the leaked data was secured that same day.
However, it is unknown whether vpnMentor’s researchers found this information before scammers and phishers did.
In the wrong hands, the leaked data can have potentially threatening and/or long-term consequences. It can lead to identity theft, financial fraud, an easier bypass for scammers, and, in extreme cases, theft and kidnapping.
On 16 September, a raid was carried out at the Novaestrat office and various types of equipment were seized. The general manager, whose residence served as the office, was also arrested.
On the same day, Telecommunications Minister Andres Michelena announced that a personal data protection bill had been expedited to the National Assembly.
In this day and age of rapid digitization, everyone’s personal information is under threat of being breached. It is a well-known fact that consumers’ data is stored, copied, bought, and sold by third parties daily. The leak of an entire country’s data has showcased the scale at which data can be compromised.
Some common causes of data breaches are security vulnerabilities in a database, malware, misuse by insiders, weak passwords, unencrypted data storage, and scams.
Digital storage of data cannot be escaped in modern society. To protect people’s data against these threats, it is important that governments and data analytics companies take rigorous measures to ensure data security over everything else.