September 19, 2019 Avdhesh Singh
Ecuador officials have arrested the general manager of IT
consulting firm Novaestrat after the personal details of
almost the entire population of the Republic of Ecuador
left exposed online in what seems to be the most
significant data breach in the country’s history.
Personal records of more than 20 million adults and
children, both dead and alive, were found publicly exposed
on an unsecured Elasticsearch server by security firm
vpnMentor, which made the discovery during its large-scale
For a country with a population of over 16 million people,
the breach exposed details of almost every Ecuadorian
citizen, including President Lenín Moreno as well as
WikiLeaks CEO Julian Assange, who was given political
asylum in the country in 2012.
The unsecured Elasticsearch server, which was based in
Miami and owned by Ecuadorian company Novaestrat, contained
18GB cache of data appeared to have come from a variety of
sources including government registries, an automotive
association called Aeade, and an Ecuadorian national bank
Data Breach Exposes Personal Data of Almost Entire Ecuador
The cache reportedly contained everything from full names,
gender, dates and places of birth, phone numbers and
addresses, to marital statuses, national identification
numbers (similar to social security numbers), employment
information, and details of education.
The cache also contained specific financial information
related information to accounts held with the Ecuadorian
national bank Biess, including person’s bank account
statuses, current balances and credit type, along with
detailed information about individuals’ family members.
William Roberto G Arrested in Ecuador Data Breach Case
vpnMentor notified the Ecuadorian Computer Incident
Response Center (EcuCERT) of the breach, who then
immediately informed Novaestrat, the online data consulting
firm in the city of Esmeraldas who owned the unsecured
server, which was later taken offline on September 11.
Authorities Investigating Company Allegedly Responsible for
As part of the investigation, Ecuadorian officials also
said in a statement on Tuesday that they had arrested the
manager of Novaestrat identified as William Roberto G and seized electronic equipment, computers, storage devices,
and documentation during a raid at his home.
Roberto has been taken to the Ecuadorian capital, Quito, by
the authorities for questioning and may face criminal
Also, given the privacy concerns surrounding the incident,
the country’s Minister of Telecommunications said legal
actions would be taken against the affected institution
to sanction private companies responsible for violating
privacy and publicizing personal information without
The Minister of Telecommunications also said it is planning
to pass a new data privacy law in the country, which they
have been working for the past eight months, to protect the
personal data of its citizens.
This is not the first time when the country has suffered a
significant data security breach.
In 2016, hackers managed to steal $12 million from an
Ecuadorian bank, Banco del Austro (BDA), by breaching its
Swift payment system.
However, the latest Ecuador’s breach recalled Bulgaria
history’s biggest data breach that took place on July 2019
and exposed personal and financial information of 5 million
adult Bulgarian citizens out of its total population of 7
million people—that’s over 70% of the country’s population.
Have something to say about this article? Comment below or
share it with us on Facebook, Twitter or our LinkedIn Group.