Recently, reports arose of a data breach exposing the personal data of up to 20 million people from the country of Ecuador. The Ecuador data breach may end up being one of the most consequential in history.
vpnMentor‘s research team discovered the data breach on an unsecured database located in Miami, Florida. Novaestrat, an Ecuadorian data analytics, strategic marketing, and software development company, appears to own the exposed database. According to vpnMentor, Novaestrat drew from national banks, government registries, and automotive associations.
Currently, Ecuador has a population of 16 million people; therefore, evidence suggests the Ecuador data breach affects every person in the country. Nearly 7 million of those affected were minors. The Ecuadorian State Attorney General’s Office said deceased citizens could account for the additional millions of people.
The data exposed by the Ecuador data breach includes full names, gender, birth date information, home addresses, and email addresses. More worryingly, the exposed personal information also includes millions of bank account balances, taxpayer-identification numbers, and national identification numbers.
Ecuador quickly announced the arrest of a Novaestrat executive identified as William Roberto G. He is under investigation on charges of violation of privacy and dissemination of personal information without authorization. Indeed, Novaestrat did not have authorization to collect the information and did not implement password protections on the database.
What The Ecuador Data Breach Means for You
The effect on consumers and businesses in Ecuador and around the world could prove devastating in the coming months and years. However, American companies can also learn from this data breach:
- Protect all of your databases with a bare minimum of password protections. In fact, go beyond passwords and institute step-up authentication for more adequate security.
- Remain aware both of the databases in your IT environment (lost databases could come back to haunt you) and the information they store. Never collect information beyond the scope of your business.
- Also, configure your databases so they do not become public-facing, whether cloud or on-premises.
- Conduct regular visibility and threat hunting exercises to find any potential breaches or exposures.
Moreover, you can learn more in our 2019 Identity Management Buyer’s Guide.
Latest posts by Ben Canner (see all)
- [VIDEO]: Top 3 Key Capabilities of Privileged Access Management - November 21, 2019
- Enterprise Privileged Access Management Advice for 2020 - November 21, 2019
- The Top Identity & Access Management (IAM) Books You Should Be Reading - November 20, 2019