Highly sensitive personal and financial information from what appears to be the entire population of Ecuador, including millions of children, was exposed in a massive data breach that has rattled the South American country.
The database includes the full names, home addresses, email addresses, phone numbers, bank account information and numerous other details about more than 20 million people, most of whom are from Ecuador — where the population is around 16 million.
The trove of leaked data was detected last week by the U.S.-based internet security firm vpnMentor’s, which shared a report on its findings on Monday. The firm said the database was found in an unsecured server owned by Ecuadorian company Novaestrat and located in Miami, Fla.
Novaestrat, whose leaders are being questioned by Ecuadorian authorities, is a consulting firm that offers services in data analytics, software development and marketing.
The data seems to involve nearly 7 million children as well as many individuals who are already dead. Even Wikileaks founder Julian Assange is on the list, according to vpnMentor. Assange spent years inside the Ecuadorian embassy in London until he was arrested in April.
The comprehensive database also includes people’s bank account balance, detailed information about their family members, employment information and their national identification number, similar to a Social Security number in the U.S., according to the report.
The internet security firm said the breach was closed on Sept. 11, but it warned that the damage has already been done. Scammers and thieves who may have gotten their hands on the data could target victims with phishing attacks and other crimes.
“This data breach is particularly serious simply because of how much information was revealed about each individual,” the report states. "Scammers could use this information to establish trust and trick individuals into exposing more information.
“For example, a scammer could pretend to be a friend of a family member in need of financial help. They could back up the story with exposed personal information to build trust.”
María Paula Romo, the country’s interior minister, said authorities raided Novaestrat’s office on Monday and seized computers, hard drives and documents. Her office said police were questioning the president and legal representative of the company to determine who was responsible for the breach.
Esta tarde / noche la @PoliciaEcuador realizó el allanamiento del local señalado como domicilio de #Novaestrat que es además el domicilio de uno de sus directivos.
Allanamiento se hizo con orden de juez en el marco de la investigación que conduce @FiscaliaEcuador pic.twitter.com/toD79a1FDO
Telecommunications Ministry Andrés Michelena said the company should be held accountable if it played a role in leaking the massive database.
“If it is confirmed that they attempted against the personal privacy of Ecuadorians, it is a criminal offense that must be punished,” he wrote Monday on Twitter.