Ecuador is investigating a data breach in which the personal data of up to 20 million people was made available online.

In a blog post, vpnMentor said that its research team, led by Noam Rotem and Ran Locar, discovered the data breach on an unsecured server located in Miami, Fla. The server appears to be owned by Ecuadorian company Novaestrat, a consulting company that provides services in data analytics, strategic marketing, and software development. The vpnMentor research team discovered the breach as part of its large-scale web mapping project.

The data breach involves a large amount of sensitive personally identifiable information at the individual level, the blog said, and may involve 20 million people. Ecuador has a population of around 16 million people.

Although the exact details remain unclear, the leaked database appears to contain information obtained from outside sources.

According to the blog post, some examples of the personal information that the vpnMentor team could find include:
the could find:

  • full name (first, middle, last)
  • gender
  • date of birth
  • place of birth
  • home address
  • email address
  • home, work, and cell phone numbers
  • marital status
  • date of marriage (if applicable)
  • date of death (if applicable)
  • level of education

The leaked information also brought up specific financial information related to accounts held with the Ecuadorian national bank Biess (El Banco del Instituto Ecuatoriano de Seguridad Social), including:

  • account status
  • current balance in the account
  • amount financed
  • credit type
  • location and contact information for the person’s local Biess branch