QUITO – Ecuador’s government acknowledged on Monday it had suffered a massive leak of personal data belonging to millions of its citizens and blamed officials linked to the previous administration, while it denied there had been any hacking involved and claimed the information was still protected.
“We have an Ecuadorian private company that has retrieved information from possibly two or three public institutions, which worked under the previous government regime,” Ecuadorian Telecommunications Minister Andres Michelena said.
The senior official said the data had been taken from the bases of the national information system created by the administration of former President Rafael Correa (2007-17) to combine government data on social protection, health care and education.
“Unfortunately, the protocols that protect personal data have not been followed,” the minister added.
During the press briefing at the government’s headquarters, Michelena was reacting to the news that had emerged earlier in the day after Israeli company vpnMentor told EFE that the personal data of some 20 million Ecuadorians – including some who are deceased – had remained exposed on a server in Miami belonging to an Ecuadorian firm.
The company in question is Novastratech SA, which offers data analysis services and is headquartered in Ecuador.
Michelena confirmed that the government had been alerted about the issue on Sept. 11 and said that the apparent data breach of the external private server in Miami was being investigated.
“Immediately, through Arcotel (the Ecuadorian Telecommunications Regulation and Control Agency), we implemented the protocols needed to protect data,” the minister said before assuring citizens that the information was protected and had not been the target of a hack or cyberattack.
Once the news emerged, President Lenin Moreno tasked the interior minister, Maria Paula Romo – as well as Michelena – with explaining the situation to the media and providing updates on the ongoing investigation.
Michelena said that a criminal investigation had been launched due to the alleged involvement of former public officials linked to Correa.
“We have investigated what company it is, who its owners are, where they have worked,” he said.
Despite the government’s assurances that the information was protected, the leaked data could have been subject to analysis by various intelligence agencies.
Ecuador was the target of no less than 40 million cyberattacks after it revoked the political asylum granted at its London embassy to WikiLeaks founder Julian Assange.
Meanwhile, the interior minister told reporters that the violation of Ecuadorians’ personal data was “very serious” and that several crimes may have been committed.
Romo recalled how the government had been harshly criticized “for putting the issue on the table and investigating the people we believe are engaged in these activities.”
She was making a reference to the April 11 arrest of Swedish computer scientist Ola Bini, a friend of Assange’s, for allegedly gaining unauthorized digital access to public institutions.
The case against Bini has yet to be settled by a court.