In one of the most serious data breaches in history, the personal data of 20 million people, including 17 million Ecuadorians—6.7 million children among them—have been leaked online, reports ZDNet. Equador’s 2019 population is estimated to be 17.37 million people.
As with so many other data breaches, the cache of data of virtually everyone in Ecuador was found on an unsecured server that almost anyone could access. It was discovered by security company vpnMentor. The server is located in Miami and appears to be owned by Ecuadorian company Novaestrat, a consulting firm that provides data analytics, strategic marketing, and software development.
In total the server contained 18 GB of data with the following personal information:
- full name (first, middle, last)
- date of birth
- place of birth
- home address
- email address
- home, work, and cell-phone numbers
- marital status
- date of marriage (if applicable)
- date of death (if applicable)
- level of education
It appears the data originated from government sources in the country, and it even contained information about the country’s president, and even Julian Assange, who received a national ID number called a cedula (similar to a U.S. social security number) when he was granted political asylum.
After discovering the data cache, vpnMentor contacted Novaestrat,and the breach was secured on September 11, 2019. This is the second major data breach involving a South American country this summer. In August a server was found that exposed the voter records of 14.3 million Chileans—80% of the country’s entire population.
[Correction, 9/6/2019, 9 p.m. EDT: Article updated to remove statement that the server in question was an Amazon cloud server.]