The Ecuadorian Ministry of Telecommunications and Information Security has announced an investigation into data analytics company Novaestrat after news broke this week that the company left an Elasticsearch server open without any password protection, allowing open access to the data.
According to officials, Novaestrat was not supposed to have the data in the first place. The data included the personal information of nearly 21 million Ecuadorians, including 6.7 million children, 7.5 million financial and banking records, and 2.5 million records relating to car ownership.
According to reports, the Ecuadorian government believes the company obtained the information of almost all of the country’s citizens when it was awarded government contracts during the former political regime between 2015 and 2017.
The government reacted quickly, and following the announcement of the investigation, law enforcement raided Novaestrat’s office, seized computers and arrested Novaestrat’s general manager.
The data breach is the largest in Ecuador’s history.