The South American nation Ecuador had personal data of up to 20 million people leaked to the internet. This is more than the country's population of roughly 17 million.
The government started investigating the issue, after a report and an inquiry by vpnMentor, an internet security firm, alerting the Ecuador's Computer Emergency Response Team about an enormous security failure that exposed the data of Ecuadorian adults and children, both dead and alive.
According to vpnMentor, the 18GB cache data included names, social security numbers, and contact information. Other sections of the leaked database contained employment information that include job titles and salaries, as well as bank details, with account numbers and balances.
Among the data, vpnMentor said, belonged to the President, as well as Julian Assange, the founder of WikiLeaks, who lived in the Ecuadorean Embassy in London from 2012 until when his asylum protection was withdrawn earlier this 2019.
The data appeared to come from multiple sources, including Ecuadorian government registries, an Ecuadorian national bank and an automotive association, according to vpnMentor.
The database was located in Miami, Florida, and was put offline on September 11th.
While a statement from the attorney general did not indicate whether anyone had gained access to the data while it had been vulnerable, the government is not taking any chances.
Ecuadorean officials said that they had detained a man identified as William Roberto G., whom they described as the legal representative of Novaestrat, a small online data consulting firm in the city of Esmeraldas, that operate the leaked database.
After taking him for questioning in the capital, Quito, the local authorities raided Novaestrat’s office, which also served as William Roberto G's residence.
The country's Minister of Telecommunications has also been detained, according to reports.
The attorney general’s office said the company, which was founded by former top telecommunication officials, was suspected for being responsible for the breach.
"This is a very delicate issue that is a major concern for the government," said Ecuador’s Interior Minister, Maria Paula Romo, in a news conference. She declined to provide further details, citing a continuing inquiry.
Esta tarde / noche la @PoliciaEcuador realizó el allanamiento del local señalado como domicilio de #Novaestrat que es además el domicilio de uno de sus directivos.
Allanamiento se hizo con orden de juez en el marco de la investigación que conduce @FiscaliaEcuador pic.twitter.com/toD79a1FDO— María Paula Romo (@mariapaularomo) September 17, 2019
Ecuador is experiencing a rapid pace of digitalization of personal data, pursued by the government. Earlier in 2019 for example, the Ecuadorean authorities admitted to using Chinese facial recognition technology to reduce crime.
And this leak was a huge blow to the country.
As for Novaestrat, people have expressed concerns about how a less than three-year-old company with a capital of just $3,000 was given access to such extensive amount of sensitive information. The country’s privacy advocates have for years warned of the risks posed by the lack of a data protection law in the country.
Ecuador President Lenín Moreno promised to fast-track a data protection law to prevent such thing from happening again.
Previously, Ecuador's Banco del Austro had its servers breached by hackers in 2016. The hackers managed to stole $12 million by breaching the bank's Swift payment system.