Researchers have uncovered a trove of data leaked online housing personal information data on nearly every citizen of Ecuador after a “catastrophic” data breach.
It’s said to be one of the largest collections of personal data ever found, and consists of an 18-gigabyte file hosting the personal information of more than 20 million residents of Ecuador. The files were found by researchers that were working on a web-mapping project at vpnMentor on an unsecured cloud server.
The files included many details of deceased individuals, considering there was information found on more than 20 million citizens, and Ecuador’s population is hovering around 17 million. Personal information of as many as 6.7 million children was amongst the leaked data, according to reports.
“This data breach is particularly serious simply because of how much information was revealed about each individual.”
The trove included names, phone numbers, financial information, education histories, employment records, official government ID numbers, family records, marriage dates, licence number and even their vehicle registration. A combination of any of these personally identifiable pieces of information could - and more than likely was used - by hackers to commit fraud and other cyber crimes.
“Scammers could use this information to establish trust and trick individuals into exposing more information.”
“This data breach is particularly serious simply because of how much information was revealed about each individual,” Noam Rotem and Ran Locar said. “Scammers could use this information to establish trust and trick individuals into exposing more information,” they said.
“Although exact details remain unclear, the leaked database appears to contain information obtained from outside sources. These sources may include Ecuadorian government registries, an automotive association called Aeade, and Biess, an Ecuadorian national bank.”
“Tax records and financial records revealing account balances of customers of a large Ecuadorean bank were among the data breached, according to a report from InfoSecurity, who also said that “a simple search of the leaked data would enable anyone to put together a list of wealthy Ecuadoreans that would be the envy of kidnappers everywhere.”
“Taken as a whole, the data revealed not just who had large amounts of money in the bank but also where they lived, if they were married, if they had children, what cars they drove, and the license plates of their vehicles.”
Rotem and Locar stumbled upon the trove of data while searching through files saved on a server in Miami, Florida, which had been established and maintained by an Ecuadorian marketing and analytics company called Novaestrat. The researchers soon contacted the company, who alerted the Ecuador Computer Emergency Security Team and the unsecured server was taken down shortly after on September 11.
The large-scale data leak mirrors that of a recent attack on Chilean citizens who woke up last month to find that voter records of 80% of the country’s 14.3 million citizens had been compromised by a third-party who intercepted the private server.