Data leak exposes personal data of nearly everyone in Ecuador

Facepalm: As companies continue to gather more and more data on us, the risk of having that information leaked online increases, as does the scale. The Equifax breach exposed about a third of the US population's private data. Now a data leak in Ecuador has potentially revealed information about every citizen in that country.

An estimated 20 million people have had their data exposed, mostly in Ecuador. For a country with a population of 17 million, that is pretty much everyone including President Lenín Moreno and WikiLeaks founder Julian Assange, who was given political asylum in the country in 2012.

Security watchdog vpnMentor notes that the breach originated on an Elasticsearch server based in Miami and owned by Ecuadorean company Novaestrat. The exposed data appears to have come from a variety of sources including an automotive association, an Ecuadorean national bank, and government registries.

The cache contained a myriad of data such as names, birthdates, contact information, national identification numbers, taxpayer-identification numbers, driving records, bank account balances, and detailed information about family members.

Ecuador's Computer Emergency Response Team received word of the breach from vpnMentor and shut the server down on September 11. Presumably, it remains offline since as of this writing, Novaestrat's website is inaccessible.

"The leaked database includes over 20 million individuals. The majority of the affected individuals seem to be located in Ecuador. We [even] found an entry for WikiLeaks founder Julian Assange."

The Ecuadorean government does not take data leaks like this lightly. According to a tweet from Ecuador's Interior Minister María Paula Romo, Novaestrat's manager has been detained and may face criminal charges.

Even though the breach is now closed, those affected could have "long-lasting" troubles if the data was accessed by scammers or criminals. The exposed personally identifiable information could be used to execute phishing attacks and phone scams.

"This data breach is particularly serious simply because of how much information was revealed about each individual," said vpnMentor. "Scammers could use this information to establish trust and trick individuals into exposing more information."

There is not much that those affected can do if the data is already in the hands of malicious parties. Individuals should be vigilant and wary of any suspicious emails or phone calls.

Massive data breaches of this scale are becoming more common as our data migrates online. Equifax is still feeling the effects of a 2017 leak that exposed over 140 million US customers resulting in a $700 million settlement that it is still trying to mete out.