The personal data of almost every citizen of Ecuador has been leaked online in a catastrophic data breach.
The names, phone numbers, and financial information of approximately 20 million Ecuadoreans were found on an unsecured cloud server by researchers working on a web-mapping project at security company vpnMentor.
The enormous 18GB cache of data included personal information relating to individuals who were deceased as well as to the country's living population of approximately 17 million. Personal information relating to 6.7 million Ecuadorean children was among the data leaked.
Exposed files revealed a large amount of sensitive personally identifiable information, such as family records, marriage dates, education histories, employment records, and official ten-digit government ID numbers called cédulas de identidad.
"This data breach is particularly serious simply because of how much information was revealed about each individual," wrote Noam Rotem and Ran Locar from vpnMentor. "Scammers could use this information to establish trust and trick individuals into exposing more information."
Tax records and financial records revealing the account balances of customers of a large Ecuadorean bank were among the data breached.
Rotem and Locar wrote, "Although the exact details remain unclear, the leaked database appears to contain information obtained from outside sources. These sources may include Ecuadorian government registries, an automotive association called Aeade, and Biess, an Ecuadorian national bank."
A simple search of the leaked data would enable anyone to put together a list of wealthy Ecuadoreans that would be the envy of kidnappers everywhere. Taken as a whole, the data revealed not just who had large amounts of money in the bank but also where they lived, if they were married, if they had children, what cars they drove, and the license plates of their vehicles.
Within the leaked records researchers also found an entry and national identification number for WikiLeaks founder Julian Assange, who was granted political asylum by Ecuador in 2012.
Rotem and Locar found the exposed data in a number of files saved on a server located in Miami, Florida, which was set up and maintained by Ecuadorian marketing and analytics company Novaestrat.
After discovering the data cache, vpnMentor contacted Novaestrat. The Ecuador Computer Emergency Security Team restricted access to the unsecured server on September 11, 2019.
The breach follows a similar incident that took place recently in another South American country. Last month, a server was found that exposed the voter records of 80% of Chile's 14.3 million citizens.