Data leak exposes personal data of nearly everyone in Ecuador

Cal Jeffrey

TS Evangelist
Staff member

An estimated 20 million people have had their data exposed, mostly in Ecuador. For a country with a population of 17 million, that is pretty much everyone including President Lenín Moreno and WikiLeaks founder Julian Assange, who was given political asylum in the country in 2012.

Security watchdog vpnMentor notes that the breach originated on an Elasticsearch server based in Miami and owned by Ecuadorean company Novaestrat. The exposed data appears to have come from a variety of sources including an automotive association, an Ecuadorean national bank, and government registries.

The cache contained a myriad of data such as names, birthdates, contact information, national identification numbers, taxpayer-identification numbers, driving records, bank account balances, and detailed information about family members.

Ecuador’s Computer Emergency Response Team received word of the breach from vpnMentor and shut the server down on September 11. Presumably, it remains offline since as of this writing, Novaestrat’s website is inaccessible.

"The leaked database includes over 20 million individuals. The majority of the affected individuals seem to be located in Ecuador. We [even] found an entry for WikiLeaks founder Julian Assange."

The Ecuadorean government does not take data leaks like this lightly. According to a tweet from Ecuador’s Interior Minister María Paula Romo, Novaestrat’s manager has been detained and may face criminal charges.

Even though the breach is now closed, those affected could have “long-lasting” troubles if the data was accessed by scammers or criminals. The exposed personally identifiable information could be used to execute phishing attacks and phone scams.

“This data breach is particularly serious simply because of how much information was revealed about each individual,” said vpnMentor. “Scammers could use this information to establish trust and trick individuals into exposing more information.”

There is not much that those affected can do if the data is already in the hands of malicious parties. Individuals should be vigilant and wary of any suspicious emails or phone calls.

Massive data breaches of this scale are becoming more common as our data migrates online. Equifax is still feeling the effects of a 2017 leak that exposed over 140 million US customers resulting in a $700 million settlement that it is still trying to mete out.

Permalink to story.



TS Addict
Whewww, I am really glad I live in the US.

Here, only the NSA, Equifax, Capital One, my health insurer and a few dozen other imbeciles have access / exposed my data!


TS Evangelist
Call me vindictive, but all the attractive singles from Ecuador that never replied are getting subscribed to cat facts.