Ecuador Population Data Breach and the USA Could Be Next, Here Is Why
ADDS raid, details, data protection bill, Almost the entire population of Ecuador had their personal data leaked online in a major security breach, officials and security experts said Monday.
Data on an estimated 20 million people, including almost seven million minors as well as deceased citizens, was exposed by the breach, the state attorney general ‘s office said.
The data was hosted on an unsecured server run by an Ecuadoran marketing and analytics firm.
“The information that I can share with you at this moment is that this is a very delicate issue, it is a major concern for the whole of the government and the state,” said Interior Minister Maria Paula Romo.
The South American nation has a population of 17 million, according to the UN Population Fund.
Ecuadoran authorities said the data was allegedly from a server-based in the United States.
The security company vpnMentor uncovered the breach on the server run by the firm Novaestrat, which included citizens’ full names, dates, and places of birth, education levels, phone numbers, and national identity card numbers.
ZDNet, the cybersecurity website that first reported the breach, said there was even data on the country’s president and on Julian Assange, the WikiLeaks founder who applied for asylum in Ecuador and spent years holed up in the country’s London embassy before being arrested this year by British police.
As part of his application for asylum, Assange was issued an Ecuadoran identity card.
The security company contacted Ecuador’s Computer Emergency Response Team to secure the leaked data, ZDNet said.
Romo said the government was “working on an investigation which will permit us in the coming hours to assess who is responsible for what happened.”
“I hope, too, that in the hours to come, the telecommunications ministry will be able to assess more thoroughly technical information about data protection.”
Authorities in Ecuador said they had raided Novaestrat’s office to collect evidence, including computers and electronic equipment.
The ministry of telecommunications, meanwhile, said it would send a bill on personal data protection to the National Assembly as part of the government’s efforts to prevent such leaks.