What Enterprises Need to Know About the Ecuador Data Breach

What Enterprises Need to Know About the Ecuador Data Breach

Recently, reports arose of a data breach exposing the personal data of up to 20 million people from the country of Ecuador. The Ecuador data breach may end up being one of the most consequential in history. 

vpnMentor‘s research team discovered the data breach on an unsecured database located in Miami, Florida. Novaestrat, an Ecuadorian data analytics, strategic marketing, and software development company, appears to own the exposed database. According to vpnMentor, Novaestrat drew from national banks, government registries, and automotive associations. 

Currently, Ecuador has a population of 16 million people; therefore, evidence suggests the Ecuador data breach affects every person in the country. Nearly 7 million of those affected were minors. The Ecuadorian State Attorney General’s Office said deceased citizens could account for the additional millions of people.  

The data exposed by the Ecuador data breach includes full names, gender, birth date information, home addresses, and email addresses. More worryingly, the exposed personal information also includes millions of bank account balances, taxpayer-identification numbers, and national identification numbers. 

Ecuador quickly announced the arrest of a Novaestrat executive identified as William Roberto G. He is under investigation on charges of violation of privacy and dissemination of personal information without authorization. Indeed, Novaestrat did not have authorization to collect the information and did not implement password protections on the database. 

What The Ecuador Data Breach Means for You

The effect on consumers and businesses in Ecuador and around the world could prove devastating in the coming months and years. However, American companies can also learn from this data breach: 

  • Protect all of your databases with a bare minimum of password protections. In fact, go beyond passwords and institute step-up authentication for more adequate security. 
  • Remain aware both of the databases in your IT environment (lost databases could come back to haunt you) and the information they store. Never collect information beyond the scope of your business.
  • Also, configure your databases so they do not become public-facing, whether cloud or on-premises.  
  • Conduct regular visibility and threat hunting exercises to find any potential breaches or exposures.

Moreover, you can learn more in our 2019 Identity Management Buyer’s Guide.

 

Ben Canner

Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.
Ben Canner