Approximately 20.8 million Ecuadorians (including adults, children, and deceased individuals) were victims of a massive data leak. Was it a simple oversight—or a deliberate leak with criminal intent?
We live in an era where such incidents should no longer occur. The technology and protocols needed to prevent and control these types of events already exist. In Latin America, although there is growing awareness of the risks, actions are still lacking when it comes to fostering a culture of information protection. Countries like Colombia, Peru, Chile, Mexico, and Brazil have enacted data protection laws, yet a significant corporate and personal cultural gap remains—one we must urgently address.
In August 2023, Ecuador suffered one of the largest data breaches in its history—and in the region. This event should serve as a wake-up call for companies and governments alike. Cyberattacks can happen to anyone.
Image 1: Type of Information Leaked
The leaked data puts every Ecuadorian at risk of ransomware, phishing, identity theft, kidnapping, trafficking, even murder. Why? Because once this information is exposed, criminals can use social engineering to exploit it. For them, this kind of access is a goldmine. On the black market, this information is highly valuable and can be sold for significant profit.
Protecting the information of your clients, employees, citizens, students, and retirees is not just a moral obligation—in many countries, it’s a legal one as well.
Could This Data Breach Have Been Prevented?
The answer is a resounding YES.
If Novastrat—and public and private organizations in general—had strategically evaluated the value of their data, measures could have been taken to secure it. The market offers a wide range of tools to help prevent data leaks, such as:
- Firewalls
- DLPs (Data Loss Prevention tools)
- ADCs (Automatic Data Classifiers)
- Antivirus and anti-ransomware solutions
Most data leaks occur due to carelessness, lack of training, and underestimating the value of data. But the consequences aren’t just reputational or financial—they set the entire country back. Ecuador is currently operating in an environment that fails to understand the true value of information. And on the black market, everything has a price.
According to the Armor 2019 Black Market Report:
- Credit card data in digital form sells for $5 to $35 per record
- Business documents cost $800 to $1,700
- Hiring a ransomware attacker costs $225 to $1,000
Now imagine—how much would someone pay for 21 million personal records?
What Are the First Steps to Prevent Data Leaks?
Buying security tools without first identifying which information is worth protecting is not the right approach. According to ISO 27001 and the GDPR (Europe’s data protection law), the first step to protecting information is to identify what is sensitive.
If Novastrat had previously recognized the importance of its data and user access, the breach could have been avoided.
Data classification is becoming an essential component of modern security practices. Only 20% of business data resides in databases (structured data), while 80% exists in documents like Word, Excel, PowerPoint, and PDFs (unstructured data).
This raises key questions:
- How do you detect confidential documents among millions?
- Who has access to those documents?
- How is your information handled internally and externally?
How Kriptos Can Help
Kriptos specializes in preventing data leaks by helping organizations locate confidential information using advanced security software powered by Artificial Intelligence. Our solution allows companies to identify and classify sensitive data and automatically apply protection tools like DLPs.
If you’re concerned about the safety of your employees, colleagues, citizens, or retirees—and want to prevent information leaks—request a free security assessment at demo@kriptos.io and discover how protected your organization really is.
