Data of most Ecuadorean citizens leaked, including 6.7 million children
In a shocking development, a major security breach has been reported which has leaked personal data of almost the entire population of Ecuador online. All of the country's 16.6 million people, including 7 million minors and children, had their privacy invaded as their data was breached on an unsecured server run by an Ecuadorean marketing and analytics firm, Novaestrat. Here are more details.
Leak includes full names, addresses, national IDs, phone numbers, etc.
The breach was discovered by two security researchers working for vpnMentor, Noam Rotem and Ran Locar, two weeks ago, and first reported by cybersecurity website ZDNet on Monday. Reportedly, the data that was breached included citizens' full names, dates of birth, places of birth, home addresses, marital status, cedulas (national identity card numbers), work/job information, phone numbers, and education levels.
Leak contained data on Ecuadorean President, Julian Assange
The database was reportedly up-to-date and contained information as recent as 2019. According to ZDNet, the leak even contained data on the country's president, and Julian Assange, who was granted asylum in the Ecuadorean embassy in London from 2012 until his arrest in April.
What are the risks of such a huge data breach?
Exposing the risks of the breach, ZDNet stated that they found 6.77 million entries for minors, 7 million financial records, and 2.5 million records containing car and car owner details. This could make targeting children from rich families for kidnapping extremely easy. Additionally, the leak exposes individuals and companies to dangers of identity theft, financial fraud, business espionage, and other security threats, vpnMentor reported.
This is a very delicate issue: Ecuador's Interior Minister
Notably, Interior Minister Maria Paula Romo said this was a "very delicate issue" and "a major concern for the whole government and the state." Romo also addressed the detention of Novaestrat's legal representative, William Roberto, saying "he will be transferred immediately" to enable Ecuador prosecutors to investigate the case. Investigators had raided Roberto's Home on September 16, and seized computers, documents, and electronic devices.
Breach has since been closed, but is that enough?
According to Ecuador's telecommunications ministry, vpnMentor reported the breach to Ecuadorean officials on September 11. Thereafter, the Ecuador CERT (Computer Emergency Response Team) secured the breach. Even with the breach closed, vpnMentor warned, "Once data has been exposed to the world, it can't be undone. The database is now closed, but the information may already be in the hands of malicious parties."