GlobalSign Blog

Massive Ecuadorian Data Breaches: The View From a GlobalSign Partner in Ecuador

Massive Ecuadorian Data Breaches: The View From a GlobalSign Partner in Ecuador

It was hard to believe when I heard the news. The personal records of nearly every single resident of my country, including 6.7 million children - even infants -- were exposed due to a colossal data breach. That works out to about 12 million citizens -- about 70 percent of our population! The leak also exposed the personal information of president Lenín Moreno, as well as WikiLeaks founder Julian Assange, who as many know was at one point granted asylum in Ecuador.

According to ZDNet, an Elasticsearch server database was discovered in early September security researchers Noam Rotem and Ran Locar. They worked to analyze the leaking data, verify its authenticity, and contact the server owner.

The data came from multiple sources including Ecuadorian government registries, an Ecuadorian national bank and an automotive association. The information included everything from names, birth dates and contact information to national identification numbers, taxpayer identification numbers, driving records and bank account balances. The data even included detailed information about individuals' family members.

The breach was disclosed on September 11th and the following week, Ecuador officials arrested the manager of IT consulting firm Novaestrat. Almost immediately, the massive data leak has sparked a push in Ecuador to pass new data protection legislation which is very similar to the EU's privacy laws, enabling our citizens to oppose and eliminate the use of their personal data by organizations.

One of the most disturbing aspects of the breach is the fact that not only did the leak expose children to potential identity theft, but it could put them in physical danger since their home addresses were included in the breach, available for anyone to find.

Now just a few weeks later, a second breach has been discovered. According to Bloomberg, the server is located in Germany and is being used by an Ecuadorian company called DataBook. Once again, sensitive data on millions of Ecuadorian citizens, including some who are deceased, has been found on an unsecured server.


As both a partner and a provider of IT services to all of Ecuador, we are going to work with our technology community along with major security solution providers like GlobalSign to prevent future incidents like this.

But we do have some obstacles in this region some may not be aware of.

For example, here in Latin America we are still a bit behind North America in terms of technology implementation. There are many times when, in order for companies to use our solutions, they will have to first upgrade other systems and machines. Not that they are opposed to it all. But it takes time, and of course, money.

Another issue we need to contend with in Ecuador - and really all of Latin America - is that most of the technology we purchase is from the U.S. The fluctuation rate, which is always changing, impacts this. Add to the complexity and challenge is that technically we are importing a product and you know what that means – paying taxes on the "import."

What can also be an issue in Latin America that many might not consider is political. When a new regime comes into power this can significantly slow down business. And anyone who watches the news closely in Latin America knows this is not an infrequent occurrence.

Despite our challenges here, we have always had the goal of providing the best security products and solutions for our customers, which is one of the reasons we have been partnering with GlobalSign since 2014.

During this time we have seen an increasing growth in the need for certificate-based solutions we offer on behalf of GlobalSign. Certainly the rise of hackers targeting our citizens has been an important piece of this.

Given what has just occurred in our beloved country, we are going to continue to enable our customers to have the strongest possible security solutions. With GlobalSign, we are successfully enabling secure email, websites and more.

Share this Post

Related Blogs