Ecuador: A Nation Hacked

The personal data of every citizen of Ecuador has been leaked online in a catastrophic data breach.  The names, phone numbers, and financial information of approximately 17 million Ecuadoreans were found on an unsecured cloud server by researchers working on a web-mapping project at security company vpnMentor.

The Ecuadorian government’s police force has now arrested a senior executive of data analytics firm Novaestrat in connection with the massive data breach.

Police raided Novaestrat's office and have apprehended William Roberto G., the company's legal representative, in his office.
The authorities claimed that Novaestrat, a small online data consulting firm based in the city of Esmeraldas, was not authorised to be in possession of the vast amount of data it had, adding that there’s sufficient grounds to charge the company and its executives with the violation of privacy of people and disseminating personal data without authorisation.

The officials added that they were investigating how Novaestrat was able to gather such a large amount of confidential, personal data. 

Initial findings of the probe suggested that the company didn't hack any government server and likely gained access to the data between 2015 and 2017, when it received several government contracts. This enormous 18GB cache of data included personal information relating to individuals who were deceased as well as to the country's living population of 17 million. Personal information relating to 6.7 million Ecuadorean children was among the data leaked.

Exposed files revealed a large amount of sensitive personally identifiable information, such as family records, marriage dates, education histories, employment records, and official ten-digit government ID numbers.

"This data breach is particularly serious simply because of how much information was revealed about each individual," Noam Rotem and Ran Locar wrote from vpnMentor. "Scammers could use this information to establish trust and trick individuals into exposing more information." 

Tax records and financial records revealing the account balances of customers of a large Ecuadorean bank were among the data breached. 

Rotem and Locar wrote, "Although the exact details remain unclear, the leaked database appears to contain information obtained from outside sources. These sources may include Ecuadorian government registries, an automotive association called Aeade, and Biess, an Ecuadorian national bank."

A simple search of the leaked data would enable anyone to put together a list of wealthy Ecuadoreans that would be the envy of kidnappers everywhere. 

Taken as a whole, the data revealed not just who had large amounts of money in the bank but also where they lived, if they were married, if they had children, what cars they drove, and the license plates of their vehicles. Within the leaked records researchers also found an entry and national identification number for WikiLeaks founder Julian Assange, who was granted political asylum by Ecuador in 2012. 

Rotem and Locar found the exposed data in a number of files saved on a server located in Miami, Florida, which was set up and maintained by the Ecuadorian marketing and analytics company.

After discovering the data cache, vpnMentor contacted Novaestrat. The Ecuador Computer Emergency Security Team restricted access to the unsecured server on September 11, 2019.  The breach follows a similar incident that took place recently in another South American country. In August this year, a server was found that exposed the voter records of 80% of Chile's 14.3 million citizens.

Infosecurity:        Computing

You Might Also Read:

Bermuda Super Rich Hack:

 

 


 

 

« AI - Driven Warfare Using Robots
The Technology Of Human Robotics »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Cyber Security For Critical Assets (CS4CA)

Cyber Security For Critical Assets (CS4CA)

Cyber Security For Critical Assets is a global series of summits focusing on cyber security for critical infrastructure.

Galvanize

Galvanize

Galvanize is a leading provider of award-winning, cloud-based security, risk management, compliance, and audit software for some of the world’s largest organizations.

PECB

PECB

PECB is a certification body for persons, management systems, and products on a wide range of international standards in a range of areas including Information Security and Risk Management.

SecuTech Solutions

SecuTech Solutions

SecuTech is a global leader in providing strong authentication and software licensing management solutions.

Modulo Security

Modulo Security

Modulo provides automated Governance, Risk, and Compliance (GRC) solutions.

Stage2Data

Stage2Data

Stage2Data is one of Canada’s most trusted cloud solution providers offering hosted Backup and Disaster Recovery Services.

NSW Cyber Security Innovation Node

NSW Cyber Security Innovation Node

NSW Cyber Security Innovation Node is part of a national network designed to foster and accelerate cyber capability and innovation across Australia.

FifthDomain

FifthDomain

We are a specialist cyber security education and training company tackling the global cyber security skills shortage.

High Wire Networks

High Wire Networks

High Wire Network’s Overwatch Managed Security Plaform-as-a-Service offers organizations end-to-end protection for networks, data, endpoints and users.

Dynics

Dynics

The Dynics ICS-Defender is an Industrial Control System Security Appliance for OT or OT/IT convergent environments.

Eureka Security

Eureka Security

Eureka help organizations securely use any cloud data storage technology they need without having to compromise on security.

USX Cyber

USX Cyber

USX Cyber was founded on the idea that small and medium businesses deserve and require the same level and sophistication of cyber protection as large enterprises.

SPYROS Information & Technology Consulting

SPYROS Information & Technology Consulting

SPYROS specializes in providing highly qualified professionals in Computer Network Operations, Signals Intelligence, Technical Training and Certifications, Network Administration and Security.

Symbiotic Security

Symbiotic Security

Symbiotic Security revolutionizes code security by integrating an AI-driven security coach directly within developers' IDEs.

VCI Global

VCI Global

VCI Global is a diversified holding company. Through its subsidiaries, it focuses on consulting, fintech, AI, robotics, and cybersecurity.

Scalefusion

Scalefusion

Scalefusion provides a comprehensive suite of products engineered to simplify endpoint, user, and access management for IT teams.