Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Security Firm: Data Breach Exposes Millions of Ecuadorians

Millions of Ecuadorians are at risk of identity theft because a security breach exposed a trove of data including names, phone numbers and birth dates, a cyber security firm said Monday.

Millions of Ecuadorians are at risk of identity theft because a security breach exposed a trove of data including names, phone numbers and birth dates, a cyber security firm said Monday.

Researchers at vpnMentor said the problem stemmed from an unsecured server located in Miami that contained information on over 20 million individuals, most of whom reside in Ecuador. The small South American nation is home to just over 17 million people, meaning nearly everyone could have been exposed.

Ecuadorian President Lenin Moreno said he would push through legislation to ensure stricter data security, while Interior Minister María Paula Romo vowed to hold those responsible accountable.

“The information we’ve received is very serious,” she said.

Experts said Ecuador does not have mechanisms in place requiring companies to protect personal data.

According to vpnMentor, the server in question is owned by Ecuadorian company Novaestrat, which did not respond to requests for comment from The Associated Press.

It wasn’t immediately clear if anyone had wrongfully accessed the data. And while vpnMentor said the breach was closed Wednesday, it also noted the impact can be long lasting.

The information could potentially be used to commit everything from phone scam to business fraud.

“A malicious party with access to the leaked data could possibly gather enough information to gain access to bank accounts and more,” the firm said in a statement.

The data includes national identity card numbers, tax identification numbers and even names of relatives.

The researchers said WikiLeaks founder Julian Assange is among those in the database. The Ecuadorian government granted Assange citizenship during his nearly seven-year stay at the nation’s London embassy. According to the firm, researchers found his name and what is believed to be a national identity number.

The breach is one of several large-scale security lapses exposing the personal data of millions this year.

In July, Capital One said a hacker had accessed the personal information of 106 million credit card holders or credit card applicants in the United States and Canada.

Written By

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Incident Response

Cygnvs emerges from stealth mode with an incident response platform and $55 million in Series A funding.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

T-Mobile disclosed another massive data breach affecting approximately 37 million customer accounts.

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Incident Response

A new Mississippi Cyber Unit will be the state’s centralized cybersecurity threat information, mitigation and incident reporting and response center.