2 min read

Police raids after data on most of Ecuador's citizens leaks online

Graham CLULEY

September 17, 2019

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Police raids after data on most of Ecuador's citizens leaks online

It’s bad enough when a company suffers a data leak that exposes the personal information of its customers. But things can be even worse when the business suffering a data breach was storing the detailed information about potentially the population of an entire country.

Researchers at vpnMentor report that they were able to access data on a Miami-based ElasticSearch server, that was not protected by a password.

The server, which the researchers say appeared to belong to Ecuadorian consultancy firm Novaestrat, contained details of more than 20 million citizens in the South American country of Ecuador.

As Ecuador only has a population of some 16 million people, it’s likely that some of the records are duplicates or related to individuals who have since deceased.

Information exposed in the breach includes individuals’:

  • full name
  • gender
  • date and place of birth
  • home address
  • email address
  • phone number
  • marital status
  • date of marriage
  • level of education
  • date of death (where applicable)
  • family tree information
  • national ID card number

Over 6.7 million database entries relate to children under the age of 18.

In addition, sensitive information contained in the exposed databases includes care registration details, employer information, and millions of financial records and bank balances, and even the branch where accounts were opened.

According to the researchers, the data appears to have been sourced from the Ecuadorian government, automotive association AEADE (Asociación de Emprees Automotrices del Ecuador) and Ecuadorian national bank Biess.

Such information, if it fell into the hands of criminals, could clearly be exploited for fraud on a massive scale. It’s easy to imagine, for instance, how individuals exposed by the breach could be targeted by scammers via email and telephone – using the leaked data to make the communications appear more legitimate.

To the amusement of some, victims of the breach include Wikileaks founder Julian Assange who spent seven years hiding from British police in the Ecuador’s British embassy until his detention earlier this year.

Whatever you might think of Assange and the practices of Wikileaks, he doesn’t deserve to have his personal information exposed on the internet anymore than anyone else.

Although the leaking ElasticSearch server has been closed soon after vpnMentor’s researchers got in contact, that’s naturally not enough to allay concern in Ecuador about damage which might have been done.

On Monday, police in Ecuador raided the home of one of Novaestrat’s directors, seizing computer equipment and taking him in for questioning.

Telecoms minister Andres Michelena posted on Twitter that if it was confirmed that Novaestrat staff violated the personal privacy of Ecuadorians, “it is a criminal offense that must be punished.”

This incident underlines once again that even if you do everything in your power to keep your personal information safe and secure, you are powerless to do anything other than hope that companies are doing a good enough job to protect your data. And sometimes the organisations which end up leaking your data may be ones you have never heard of, and never realised were storing your sensitive information without your knowledge.

tags


Author



Right now

Top posts

The Holiday Guide to Tech Support: Fixing the Family Computer

The Holiday Guide to Tech Support: Fixing the Family Computer

November 24, 2021

2 min read
Bitdefender Celebrates 20 Years of Cybersecurity Leadership

Bitdefender Celebrates 20 Years of Cybersecurity Leadership

November 04, 2021

3 min read
Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

October 26, 2021

3 min read
What are drive-by download attacks and how do you prevent them?

What are drive-by download attacks and how do you prevent them?

October 25, 2021

2 min read
Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks

Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks

October 22, 2021

2 min read
Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals

Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals

October 20, 2021

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Iranian Threat Actor Deployed Malicious PowerShell Script through Phishing, Then Stole Files and Credentials Iranian Threat Actor Deployed Malicious PowerShell Script through Phishing, Then Stole Files and Credentials
Silviu STAHIE

November 26, 2021

1 min read
Ukraine Arrests Five iPhone Hackers of the Phoenix International Hacking Group Ukraine Arrests Five iPhone Hackers of the Phoenix International Hacking Group
Filip TRUȚĂ

November 26, 2021

1 min read
Couple arrested for secretly installing cryptomining software on department store PCs Couple arrested for secretly installing cryptomining software on department store PCs
Graham CLULEY

November 26, 2021

1 min read