Welp, 2019 is shaping up to be the year of nationwide data breaches. After Bulgaria and Chile, Ecuador has suffered a colossal data leak, containing the personal information for over 20 million individuals — including the personal details of Wikileaks founder Julain Assange who was granted political asylum in 2012.
Out of the 20 million individuals affected by the breach, 6.7 million are children.
Among other things, the data exposed sensitive details like names, addresses, national identifiation numbers, phone numbers, and martial status. The leaked cache contains about 18GB of data, according to security researchers from vpnMentor who discovered the breach.
The data was hosted on an unsecured server located in Miami, Florida. The researchers say seems to belong to Ecuadorian IT consulting firm Novaestrat. “Although the exact details remain unclear, the leaked database appears to contain information obtained from outside sources,” vpnMentor notes in a blog post.
“One of the most concerning parts about this data breach is that it includes detailed information about people’s family members,” the researchers added. “For each entry, we were able to view the full name of their mother, father, and spouse. We were also able to view each family member’s ‘cedula’ value, which may be a national identification number.”
In another part of the cache, the researchers found detailed employment information, including employer name, tax identification numbers, job titles, and salary information.
While the data leak has been plugged since then, the researchers note it could create long-lasting privacy concerns for affected individuals, including heightened risk of scams and phishing attacks, identity theft, and financial fraud,
Back in July, Bulgaria suffered a similar incident after the data of 5 million citizens — including personal identifiable numbers, addresses, and income stats — got leaked. For context, Bulgaria has a population of 7 million. All data originated from the country’s tax reporting service, the National Revenue Agency (NRA).
Weeks later in August, security firm WizCase stumbled upon a massive leak, containing identifiable information belonging to 14 million Chilean residents above the age of 17. While the data came from an unsecured Elasticsearch engine on an exposed server, the researchers couldn’t identify who owned the trove.