Ecuador’s entire population affected by major data breach, investigations continue

Ecuador's Entire Population Affected By Major Data Breach, Investigations Continue Ecuador's Entire Population Affected By Major Data Breach, Investigations Continue
ecuador’s entire population affected by major data breach, investigations continue

Keep up to Date with Latin American VC, Startups News

Contxto – If it wasn’t apparent already, cybersecurity is becoming an undeniable necessity in Latin America. From phishing to ransomware to data leaks, sometimes not even the most advanced security systems suffice when it comes to protecting private information.

Simply consider what recently transpired in Ecuador with its recent data breach that has practically affected the entire population. 

Originally released by vpnMentor, here is a summary of the recent event that’s now causing immense uncertainty throughout Latin America.

Personal information compromised

Behind this discovery were Noam Rotem and Ran Locar. Among their research team, they unveiled a data breach on an unsecured server owned by Ecuadorian consulting company Novaestrat in Miami.

Under criminal investigation, the firm provides services in data analytics, strategic marketing, as well as software development.

Within this massive pool of data was sensitive personal information, the majority belonging to Ecuadorians. So far, the leaked database appears to contain information obtained from external sources. 

Some of these include the Ecuadorian bank El Banco del Instituto Ecuatoriano de Seguridad Social (Biess) as well as the automobile association Aeade.

Major data breach 

Approximately 18 GB of data pertaining to as many as 20 million individuals was reportedly stolen. Considering that Ecuador only has a population of approximately 16 million, this number surpasses even that number.

Even the infamous WikiLeaks Founder Julian Assange, who has lived in the Ecuadorian embassy in London, to escape U.S. extradition for years, had his information unlawfully seized.

Specifically, everyone from this database had individual “entries,” each associated with numerical codes. Colloquially known as a “cedula de identidad,” researchers suspect that these 10-digit identification codes are the equivalent of U.S. social security numbers.

Certain entries also showed what’s expected to be taxpayer-identification numbers (RUC). Here is an example of a typical one:

Ecuador's Entire Population Affected By Major Data Breach, Investigations Continue

To confirm the validity of the database and the hypothesis, researchers used an ID number to make a search. Following suit, they deciphered the compromised information, such as:

  • full name (first, middle, last)
  • gender
  • date of birth
  • place of birth
  • home address
  • email address
  • home, work, and cell phone numbers
  • marital status
  • date of marriage (if applicable)
  • date of death (if applicable)
  • level of education

Within the same inquiry, the team discovered that banking information was another factor. That’s to say, account holders from Biess had some of their personal data breached. This included: 

  • account status
  • current account balance
  • amount financed
  • credit type
  • location and contact information for the person’s local Biess branch

Biggest red flags 

Within this information also pertained to personal data regarding people’s family members.

The majority of the entries also had the full name of people’s mothers, fathers and spouses, not to mention numbers considered to be their unique identification numbers. 

Not only was auto information reaped but even employment information. In terms of job data, this included:

  • employer name, location, and tax identification number
  • job title
  • salary information
  • job start date
  • job end date

Long-lasting effects

Needless to say, Ecuadorian citizens are more vulnerable to identity-related crimes than ever before.

Despite the breach ending on September 11, there could be long-lasting effects for citizens. For example, the exposed personally identifiable information (PII) could result in an increased risk of scam, whether it be over the phone or internet.

After all, now potential scammers have access to people’s full names, addresses, phone numbers, emails, family size, etc. The fact that taxpayer numbers were also stolen means that there’s a higher probability of identity theft and financial fraud.

While the Ecuadorian government will reportedly introduce legislation for preventative measures, there’s much potential for startups to also devise supplemental cybersecurity solutions.

Hopefully, private companies and the public sector will work together to protect citizens from any additional attacks.

Take a look at our database to learn more about cybersecurity startups in Latin America.


CNN recently reported that authorities have raided the home of Novaestrat legal representative “William Roberto G.” where they confiscated electronic devices and computers.

Eventually, police discovered and detained the official in Ecuador’s Esmeraldas province.

“He will be transferred immediately so that the Ecuador prosecutor can gather information in the framework of the investigation that is taking place,” said Ecuador’s Interior Minister Maria Paula Romo.


Keep up to Date with Latin American VC, Startups News