Almost everyone in Ecuador became a victim of a massive data breach that exposed the personal information of over 20 million individuals, including the country’s president and WikiLeaks founder Julian Assange, who was granted asylum by Ecuador in 2012.
Security firm vpnMentor discovered the breach on a Miami-based Elasticsearch server owned by an Ecuadorian company Novaestrat. It’s said that the exposed data appears to have come from various sources, including the Ecuadorian national bank, Ecuadorian government registries, and an automotive association called Aeade. The exposed information includes names, date of birth details, contact information, National identification numbers, bank account details, taxpayer-identification numbers, and driving records.
The unprotected database was taken down on September 11, after vpnMentor notified Ecuador’s CERT (Computer Emergency Response Team). vpnMentor opined that the breach could bring some severe ramifications in the future. In case the data was obtained by cybercriminals, they could use it to launch phishing attacks, scams, identify theft, and fraud.
“In addition to personal information, the data breach also revealed details related to various companies in Ecuador. Some of the exposed information may be sensitive. We were able to view many companies’ Ecuadorian taxpayer identification number (RUC), along with each company’s address and contact information. The database also listed each company’s legal representative and provided their detailed contact information,” vpnMentor said in a statement.
Ecuador isn’t the only country to suffer a data breach like this. Recently, the Bulgarian tax agency suffered a breach that affected around 5 million Bulgarians of the country’s 7 million population. The Bulgarian police have arrested the suspected hacker who allegedly stole the data and emailed download links to local media agencies. The police launched an investigation to know the damage occurred due to the incident.
It’s believed that the compromised data belonged to the country’s National Revenue Agency (NRA), a department of the Bulgarian Ministry of Finance. Boyko Borissov, the Bulgarian prime minister, called an emergency meeting after the cyber-attack.