Data analytics company Novaestrat suffered a data leak. In all, 20.8 million records were exposed. In response, the executive of the company has been arrested.
There’s been a major data breach that took place. Data analytics company, Novaestrat, suffered a data leak that exposed 20.8 million Ecuadorian records. Just for context to gauge the severity of the leak, as of 2017, the population of Ecuador measured at 16.62 million people. An explanation about why the number is bigger is that there are also duplicate records in the database. So, essentially, it wound up being the entire population of the country. The data set even included 6.7 million children. That aspect grabbed a few headlines in and of itself.
More from ZDNet:
The personal records of most of Ecuador’s population, including children, has been left exposed online due to a misconfigured database, ZDNet has learned.
The database, an Elasticsearch server, was discovered two weeks ago by vpnMentor security researchers Noam Rotem and Ran Locar, who shared their findings exclusively with ZDNet. Together, we worked to analyze the leaking data, verify its authenticity, and contact the server owner.
The leaky server is one of the, if not the biggest, data breaches in Ecuador’s history, a small South American country with a population of 16.6 million citizens.
What was in the data set is quite extensive as well. More from the report:
The most extensive data was the one that appears to have been gathered from the Ecuadorian government’s civil registry.
This data contained entries holding citizens’ full names, dates of birth, places of birth, home addresses, marital status, cedulas (national ID numbers), work/job information, phone numbers, and education levels.
ZDNet verified the authenticity of this data by contacting some users listed in the database. The database was up to date, containing information as recent as 2019.
Now, you might recall how Ecuador reacted when someone simply worked on behalf of the defence of Swedish developer Ola Bini. In that case, that technical expert had his come raided by police. During the raid, police refused to allow him to access the warrant that sparked the raid in the first place. So, you might think that authorities might not mess around in this case as well. You’d think correctly.
Authorities in the country, in response to the data leak, arrested the owner of Novaestrat right after the data leak was discovered and reported on. From ZDNet:
Ecuadorian authorities have arrested the executive of a data analytics firm after his company left the personal records of most of Ecuador’s population exposed online on an internet server.
The news that his staggering amount of information had leaked online sent a shockwave through the small South American country, but the Ecuadorian government reacted immediately.
In a press conference held on Monday, after news of the massive breach broke, the Ministry of Telecommunications and Information Society announced an investigation into Novaestrat, the source of the leak.
Officials said the company was not supposed to be in possession of the data it had, and that the company and its managers had been put under investigation on charges of violation of privacy and dissemination of personal information without authorization.
It’s unclear if the company is watching the Ola Bini case closely, but in a strange twist of fate, they might find themselves looking on in the case nervously. After all, the outcome of the Bini case could be a sign of things to come for the company owner and its managers at this point.
Drew Wilson on Twitter: @icecube85 and Facebook.
Is there anyway of getting the complete name of the hierarchy at Novaestrat?
How were the Ecuadorian officials allowed to arrest in the United States?
Is everyone aware that Julian Assange has been sentenced to extradition this Sunday SEPTEMBER 22,2019!!!!!!