Detailed information on more than 20 million people — most of them thought to be Ecuadorean nationals — was found on an unsecured server in Miami, providing identity thieves and scammers a treasure trove.
The internet security firm vpnMentor said it discovered the cache of information during a routine scan of the internet and that the data breach had been closed last Wednesday.
While the scale of the leak wasn’t massive by global standards (Yahoo.com exposed information on more than 5 billion people in 2013) it was huge for Ecuador. The South American nation has a population of about 16 million, meaning that virtually everyone in the country was potentially compromised.
The breach, vpnMentor said, involved “a large amount of sensitive personally identifiable information,” including names, addresses, marriage dates, employment information and national identification numbers, or cédulas. The data also included banking information for accounts tied to Ecuador’s Social Security Institute Bank, or BIESS.
“One of the most concerning parts about this data breach is that it includes detailed information about people’s family members,” vpnMentor said. “For each entry, we were able to view the full name of their mother, father, and spouse.”
The company said the data appeared to have been pulled from government registries, an automotive association and from the BIESS bank.
The Florida-based server that the data was found on was thought to belong to Ecuadorian company Novaestrat, an internet consulting and marketing company, vpnMentor said. Novaestrat did not immediately answer phone calls or email messages.
The Ecuadorian government also didn’t immediately respond to requests for comments.
“This data breach is particularly serious simply because of how much information was revealed about each individual,” vpnMentor said. “Scammers could use this information to establish trust and trick individuals into exposing more information.”