The news broke out today that an IT firm’s manager has been arrested after personal details of almost ENTIRE population of Ecuador was left exposed online. “Personal records of more than 20 million adults and children, both dead and alive, were found publicly exposed on an unsecured Elasticsearch server by security firm vpnMentor, which made the discovery during its large-scale mapping project. For a country with a population of over 16 million people, the breach exposed details of almost every Ecuadorian citizen, including President Lenín Moreno as well as WikiLeaks CEO Julian Assange, who was given political asylum in the country in 2012.” This is some serious stuff.
What happened?
Per the article “The unsecured Elasticsearch server, which was based in Miami and owned by Ecuadorian company Novaestrat, contained 18GB cache of data appeared to have come from a variety of sources including government registries, an automotive association called Aeade, and an Ecuadorian national bank called Biess. The cache reportedly contained everything from full names, gender, dates and places of birth, phone numbers and addresses, to marital statuses, national identification numbers (similar to social security numbers), employment information, and details of education. The cache also contained specific financial information related information to accounts held with the Ecuadorian national bank Biess, including person’s bank account statuses, current balances and credit type, along with detailed information about individuals’ family members.”
From what I read it seems that the government and its telecom agencies are going to take strict actions against the private companies. Ecuador is also amidst passing a new data privacy law which they have been apparently working on for almost a year now.
Source Article Link: https://thehackernews.com/2019/09/ecuador-data-breach.html
Leave a Reply
You must be logged in to post a comment.