Personal data of entire 20M Ecuador populace leaked Online

Cyber Security teams working for the Ecuador government have been pressed into service to investigate sprawling data breach in which personal data of more than 20 million people was available online for access.

The director of a data analytics firm named Novaestrat was arrested yesterday in this regard and will face allegations for exposing data of his company’s data storage server to the bad actors.

William Roberto is the name of the legal representative of Esmeralda’s based data consulting firm who has been taken into custody on Tuesday. And readers of our blog have to notify a fact over here that this same firm was awarded most of the government contracts between 2015 and 2017.

VPN Mentor was the first to disclose the details to the world about the data breach and said that the information was available to be accessed by hackers due to a configuration blunder made on the Elastic search server.

Cybersecurity Insiders has learned that the leaked records stored on the server include personal records of more than 20.8 Ecuadorians and it includes info related to 6.7M Children, 7.5M Financial and Banking records and 2.5M car ownership records.

In a press conference held yesterday by the Ministry of Telecommunications and Information Society of Ecuador, it was confirmed that the breach occurred due to the laxity shown by Novaestrat in applying appropriate security measures while storing data related to Ecuador’s populace.

Novaestrat released a media update via Twitter a few hours ago saying that it has obtained the data through proper channel and not by hacking into the government servers which handle sensitive info.

On request of Telecom Minister Andres Michelena Ayala, Ecuador’s Presidential team is all set to pass a new data privacy law in the next three days or by early next week. The law will be in lines with the recommendations made by Michelena and his team.

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display