The critical vulnerability (CVE-2021-22005) is actively exploited to hit organizations worldwide with RCE. Install the patch now!
VPN Mentor: Millions of individuals in Ecuador are exposed thanks to a huge data breach. Researchers found a leaked database that includes over 20 million individuals, with a variety of high sensitive personal information
Millions of individuals in Ecuador are exposed thanks to a huge data breach. It has been discovered by VPN Mentor cyber security experts, who found a leaked database that includes over 20 million individuals on an unsecured server located in Miami, Florida. According to the company, the server appears to be owned by Ecuadorian company Novaestrat. It’s a consulting company that provides services in data analytics, strategic marketing, and software development. The data breach involves a large amount of sensitive personally identifiable information at the individual level. The majority of the affected individuals seem to be located in Ecuador. Although the exact details remain unclear, the leaked database appears to contain information obtained from outside sources. These sources may include Ecuadorian government registries, an automotive association called Aeade, and Biess, an Ecuadorian national bank. The breach was closed on September 11, 2019.
The data breach involves around 18GB of data
According to the cyber security experts, the data breach involves around 18 GB of data. As many as 20 million individuals may be impacted by this breach, although some of the data seems to involve individuals who are already deceased. To give some context about the scale of this leak, Ecuador has a population of around 16 million people. Individuals in the database are identified by a ten-digit ID code. In some places in the database, that same ten-digit code is referred to as “cedula” and “cedula_ruc”. In Ecuador, the term “cédula” or “cédula de identidad” refers to a person’s ten-digit national identification number, similar to a social security number in the US. The term “RUC” refers to Ecuador’s unique taxpayer registry. The value here may refer to a person’s taxpayer identification number.
Which PIIs the cyber security experts discovered
In order to check the validity of the database, VPN Mentor ran a search with a random ID number. By doing this, the researchers were also able to find a variety of sensitive personal information (PIIs). Here are some examples of the personal information that they found: full name (first, middle, last), gender, date and place of birth, home and email address, home, work, and cell phone numbers, marital status, date of marriage (if applicable), date of death (if applicable), and level of education. The search to validate the database also brought up specific financial information related to accounts held with the Ecuadorian national bank Biess (El Banco del Instituto Ecuatoriano de Seguridad Social). One of the most concerning parts about this data breach is that it includes detailed information about people’s family members, employment, and various automotive records.