Ecuadorians’ Personal Data Found on Unsecured Database Again

(Bloomberg) -- Sensitive data on about 20 million Ecuadorian citizens, including some who are deceased, has once again been discovered on an unsecured server, according to security researchers. The latest finding raises additional questions about who has control over Ecuadorians’ personal information and why it wasn’t secured.

The data was discovered on a server used by an Ecuadorian company, DataBook, according to Ran Locar and Noam Rotem, Israeli computer programmers who do security research in their free time. The two men said the data, which includes names, addresses, workplace, family members, phone numbers, vehicle information and emails, was hosted on a server located in Germany. By Wednesday morning, the website hosting the personal data was down.

The Ecuadorian government’s fast-response IT team, in a statement, said it alerted prosecutors Tuesday of the potentially illegal data breach and asked them to “investigate other companies that presumably are illegally using personal data.”

Earlier this month, the two researchers had found a similar cache of unsecured data of Ecuadorians on a server in Miami, touching off a fierce debate about data privacy in Ecuador and prompting the government to rush forward a bill to protect citizens’ private information.

Locar said the information found on the DataBook server appears to be the similar to the unsecured data discovered earlier in the month but may not be exactly the same. There are 17 million people in Ecuador.

Officials at DataBook didn’t immediately respond to a request for comment. “We are trained with professional experts in text mining, data mining, big data, statistical and mathematical consulting,” a translated version of DataBook’s website states.

Earlier this month, Locar and Rotem discovered the data of 20 million Ecuadorian citizens on the servers of Ecuadorian consulting company Novaestrat and reported their discovery to the Ecuadorian authorities. Following the report, Novaestrat offices in Ecuador were raided, and the country’s Ministry of Telecommunications and Information Society announced an investigation. Prosecutors questioned two Novaestrat officials but they were released.

To contact the reporters on this story: William Turton in New York at wturton1@bloomberg.net;Stephan Kueffner in Quito at skueffner1@bloomberg.net;Nour Al Ali in Dubai at nalali1@bloomberg.net

To contact the editor responsible for this story: Andrew Martin at amartin146@bloomberg.net

©2019 Bloomberg L.P.