Data on almost every Ecuadorean citizen leaked

  • Published
Ecuadorean flagImage source, Getty Images
Image caption,
The data appears to have been used to help target marketing

Personal data about almost every Ecuadorean citizen has been found exposed online.

Names, financial information and civil data about 17 million people, including 6.7 million children, was found by security company vpnMentor.

The massive cache of data was found on an unsecured cloud server almost anyone could look at.

Access to the server has now been restricted thanks to Ecuador's computer emergency security team.

Serious breach

"The data breach involves a large amount of sensitive personally identifiable information at the individual level," wrote Noam Rotem and Ran Locar, from vpnMentor.

As well as basic identity data, the exposed files include:

  • official government ID numbers
  • phone numbers
  • family records
  • marriage dates
  • education histories
  • work records

The cache of information also included some financial records tallying account balances of customers of one large Ecuadorean bank. Tax records, including official revenue ID numbers for companies, were found on another file.

"This data breach is particularly serious simply because of how much information was revealed about each individual," the security researchers said.

The pair said they had found the 18GB of data spread across a variety of files saved on an unsecured server set up and run by Novaestrat - an Ecuadorean marketing and analytics company.

Novaestrat has not yet responded to a BBC News request for a comment or statement.

The news about the data breach was broken on the ZDNet website by reporter Catalin Cimpanu, who said it would be "as valuable as gold in the hands of criminal gangs".

Simple searches of the data could reveal lists of wealthy Ecuadoreans, their home addresses, if they had children, the cars they drove and their registration plate numbers, he said.

Access to the data had been cut off after the Ecuador Computer Emergency Response Team had been alerted, Mr Cimpanu wrote.