Approximately 20.8 million Ecuadorians (Adults, Kids, and Deceased) were victims of a massive information leak. A simple oversight or an information leak with a criminal agenda behind it?
We are in an era where these types of errors should not succeed. There are technology and protocols available to avoid and control these types of incidents. In Latin America, while there is greater awareness about the danger that lurks, actions are not taken that help in shaping the culture towards the protection of information. In certain countries like Colombia, Perú, Chile, Mexico, and Brazil, laws are already in place for the protection of information, but nevertheless, there is still a large corporate and personal cultural gap in which we must work.
In the past month of August, Ecuador suffered one of the largest data breaches in their history and the regions. This event should serve as a trigger for companies and governments to realize that they can very easily become victims of cyberattacks.
Image 1: Type of Information Leaked
The information that was leaked makes all Ecuadorians targets of ransomware attacks, phishing, identity theft, kidnapping, trafficking, murder, among others. Why? A result of the information leak, criminals can use social engineering to scam those affected. That is, a thief in possession of such information won the lottery because the information they hold is highly valued in the black market, allowing large profits.
Caring for the information of your clients, workers, citizens, students, and retired is a moral obligation and like in other countries, a legal obligation as well.
Could we have avoided this data breach?
The answer is an overwhelming YES. If you had thought and acted strategically and consciously about the value of the information, not only the owners of Novastrat, but overall, public and private companies could have taken measures to protect their information. The market offers a variety of tools to prevent data leakages like; FIREWALLS, DLPs (Data Loss Prevention), ADCs (Automatic Data Classifiers), antivirus, anti ransomware, are some of the most common tools.
Information leakages are mainly due to carelessness, lack of training, and an underestimate of the value of the information. The problems with information leakages are not only reputational and monetary; they make us move back as a country. Ecuador has fallen into an environment that does not understand the real value of data. In the black market everything has value and information is no different.
According to, THE ARMOR 2019 BLACK MARKET REPORT, obtaining credit card data in digital form in the black market costs between $5 and $35 per registration; obtaining business documents costs between $800 and $1700, hiring an underground ransomware attack costs between $225 and $1000. How much do you think someone would be willing to pay criminals for 21 million registrations of personal information?
What are the first steps to protect against data leakages?
Acquire security tools without even knowing before which information is worth protecting is not the best way way to cope with the problem. According to the norms of ISO 27001 and GDPR (Information security framework and the data protection law in Europe), before protecting the information it is important to identify which information is sensitive. If Novastra had previously identified the importance of their data and access to users, they could have protected them.
Classifying the information is a job that gains more and more relevance in good security practices. Barely 20 percent of information in a business are databases (structured information), while 80% of the information in a business is contained in documents (unstructured information); in other words, Word, Excel, Powerpoint, and PDF Documents.
The most important questions are what should be done at the beginning: How to detect confidential documents among millions of documents? Who has access to those documents? How do users handle our information internally and externally?
Our company, Kriptos, specializes in the prevention of information leakages, by helping businesses locate confidential information with a sophisticated security software that utilizes artificial intelligence. It allows the business to identify sensitive information and then automatically protect with protection tools (DLPs).
If you are worried about your employees, colleagues, citizens, retirees, and others; and are looking for tools to prevent information leakages you can request a free assessment at firstname.lastname@example.org and find out how safe your organization is.