It’s not often you hear about a data breach that affects the whole citizenry of a nation, but recently two security researchers uncovered just that.
The researchers, Noam Rotem and Ran Locarhave, discovered one of the largest personal data breaches to date — a breach so large that it may likely affect the whole nation of Ecuador.
Ecuador’s Entire Population Affected By Possible Data Breach
Some 20.8M records which were stored in Florida on an unsecured server have been compromised. Owned by an Ecuadorian company, many of the records are duplicates, but vpnMentor reports that the “majority of the affected individuals seem to be located in Ecuador. Some of the information includes government registries, automotive records, and banking information from Ecuador’s national bank.
VpnMentor even found Julian Assange listed in the database who was the whistleblower living in the Ecuadorian embassy under asylum before being extradited this year. The vast majority of the records were related to ordinary citizens. It was even possible to construct full family trees from the information. Employer information, level of education, addresses, educational backgrounds, credit types, bank account status, incomes, and other personal details were all readily available on the server.
Consequences Still Unknown
Luckily, the security breach has been dealt with accordingly. The Ecuador Computer Emergency Response Team (CERT) acted immediately when contacted by the researchers. The database was ‘closed,’ but the information was public for an unknown amount of time. So, the database may have already been downloaded by malicious parties.
According to Ian Thorton-Trump, head of cybersecurity at Amtrust International, “From the cyber-perspective, sensitive data like the information disclosed tends to validate the information used in targeted phishing and fraud scams.” That’s the fear with this recent compromised material — the entire country of Ecuador might now be subject to phishing scams if the database was downloaded before it was shut down.
As of now, it’s impossible to tell whether or not the data is in safe hands.
Ultimately, the entire situation underscores the need for safe, decentralized systems. The fact that an entire country’s personal information was stored on one server is deeply troubling. At the very least, data should be distributed on multiple sites to ensure it is verifiable and secure. The establishment of peer-to-peer decentralized networks via a distributed ledger system, one which protects privacy and thwarts hackers, will prove to be the only way to prevent these issues in the future.
Do you suspect that this data was already downloaded before authorities could shut down the server? Let us know your thoughts in the comments down below.