Ecuador opened an investigation following the discovery, on an insecure server, of information about the identity or tax regime of a large part of its population.
Names, first names, family links, bank account numbers, salary amount or employer's name: the discovery of an 18-gigabyte database containing the personal data of more than 20 million people, almost all of them the population of Ecuador, triggered the opening of a government investigation and the holding of first hearings by the police, Tuesday, September 17.
Two officials of the Ecuadorian company Novaestrat were heard in the context of the investigation, which was opened for alleged violation of privacy. Their company is mentioned in the report published by hackers on the site vpnMentor, announcing the discovery of the flaw. "The data leak contains a large amount of personal, sensitive and identifiable data", warned the text, whose authors present themselves as "Researchers and ethical hackers".
The group warned the authorities before publicizing the loophole, and an intervention by the country's emergency computer security team restricted access to the database as of September 11 – vpnMentor did not specified how long the server remained accessible without protection.
Government Register and Banking Institution
This information would come from, among other things, registers of the Government of Ecuador as well as an association of automobile companies and two banks. Telecommunications Minister Andrés Michelena told the media that"An Ecuadorian private company has unfortunately subtracted information possibly from two or three public institutions (…) during the scheme former President Rafael Correa (2007-2017), fierce opponent of his former ally and successor Lenin Moreno.
"It's a very sensitive issue, it's a big concern for the whole government and the state"On Monday, Ecuadorian Minister of the Interior Maria Paula Romo Rodrigues told a press conference. "We are working on the subject with the different institutions concerned, not only those who have had their data stolen, but also the various institutions that are responsible for security issues"said the minister.
Ecuador without law on personal data
Ecuador has 17.3 million inhabitants, the vast majority of which would appear in the database, which was discovered on an unsecured server located in Miami, on the East Coast of the United States. Some three million additional profiles appeared in the file, including that of the founder of WikiLeaks, Julian Assange, noted by the hackers who discovered the flaw.
In April, the Ecuadorian government denounced more than 40 million cyberattacks against public institutions after it withdrew the asylum to the founder of WikiLeaks site, Julian Assange, refugee since 2012 in the embassy of the country in London. He had assigned them to groups related to Australia. The Ecuadorian state is today deprived of a personal data protection legislation: the government must present this week a bill to the National Assembly on the subject.