Ecuador Data Breach: Records of Over 20 Million Users Exposed

Following the outbreak of a number of cybersecurity mishaps in recent times. Ecuador as at Monday, 16th September, experienced a major data breach baring the personal information of almost all the population of Ecuador to unlicensed third-party agents. The leaked 18Gigabyte-sized data contained research documents and statistics on over 20 million individuals.

The leaked data encompasses such information as names, addresses, employment status, phone numbers, and national identity numbers. Derived from about 7.5 million personage financial and banking records, 2.5 million car ownership logs as well as detailed information on infant demography in the region, to the tune of 6.7 million children data.

According to the report released by ZDNet, this data infringement is believed to be as a result of carelessness on the part of the administrators of the IT consulting firm who allowed entry to the Elasticsearch server unchecked and without a password. Otherwise granting access to these records to anyone on the Internet.

In a statement issued by the Ministry of Telecommunications and Information Society on Monday. The Minister of telecommunications – Andrés Michelena Ayala announced that Novaestrat – the data analytics and IT consulting firm directly involved with the leaked data, and its employees are been placed under investigation upon the charges of privacy violation and distribution of private information to the general public without due authorization.

Subsequently, the Ecuadorian authorities swooped down on Williams Roberto G. – Director of Novaestrat. As the management at Novaestrat is been slapped with the allegations of accumulating these data illegally. Although a government-endorsed data analytics firm, since Novaestrat boasts of a number of contracts been awarded by the Ecuadorian government between 2015 to 2017. What is not actually known is whether the employees at Novaestrat intentionally broadcasted this data or perhaps it was a glitch on the company’s server-side handling. 

However, one certainty stands to be that these data are originally not supposed to be in the possession of the company who might have come across such data while working extensively with the government in the past. Inclined by the gravity of the data breach, the Ecuadorian government is set to take a giant leap towards implementing a stricter data privacy law with plans to pass this new law to the parliament within the next three days.