QUITO – The personal data of almost the entire population of Ecuador has been leaked online, security experts said Monday, in a massive breach the government called a “very delicate” issue.
An estimated 17 million people, including almost 7 million minors and children, had their data exposed by a breach on an unsecured server run by an Ecuadorean marketing and analytics firm.
“The information that I can share with you at this moment is that this is a very delicate issue, it is a major concern for the whole of the government and the state,” said Interior Minister Maria Paula Romo.
Security company vpnMentor uncovered the breach on the server run by the firm Novaestrat, which involved the disclosure of citizens’ full names, dates and places of birth, education levels, phone numbers and national identity card numbers.
ZDNet, the cybersecurity website that first reported the breach, said there was even data on the country’s president and on Julian Assange, the Wikileaks founder who applied for asylum in Ecuador and who spent years holed up in the country’s London embassy before being arrested this year by British police.
As part of his application for asylum, Assange was issued with an Ecuadorean identity card.
The security company contacted Ecuador’s Computer Emergency Response Team to secure the leaked data, ZDNet said.
Romo said the government was “working on an investigation which will permit us in the coming hours to assess who is responsible for what happened.”
“I hope, too, that in the hours to come, the telecommunications ministry will be able to assess more thoroughly technical information about data protection,” she said.