Marketing analytics company leaks deep profiles of entire Ecuador population

Infosec_SamInfosec_Sam Security+, CCENT, ITIL Foundation, A+Madison, WIAdmin Posts: 516 Admin
I've seen quite a few high-profile data breaches over the past few years, but none of them have really stuck fear into my heart quite like this one. The entire population of Ecuador lost data containing their name, SSN, banking information, employment information, and family members, all from a marketing analytics company! Really makes me wonder what a cabin in the woods would cost..

“For each entry, we were able to view the full name of their mother, father, and spouse,” researchers said in a Monday blog post. “We were also able to view each family member’s ‘cedula’ value [Ecuador’s equivalent of a Social Security number].” They added that using that number, it’s possible to pull up each family member’s record.

And, the personal information doesn’t stop there. The collected data also includes various automotive records, such as a car’s license plate number, make, model, date of purchase, most recent date of registration, and other technical details about the model, all linked to individuals via their identification numbers. The bank information meanwhile includes account status and balances, loan information, and the location and contact information for the person’s local bank branch. And, also included is detailed job information, including employer name and location, job title, salary information and job start and end dates.
Read the full article here »
Community Manager at Infosec!
Who we are | What we do

Comments

  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,886 Admin
    PII breaches will only continue and grow in scope. We need to re-engineer what is PII so this type of information is basically useless without additional factors of authentication that can't be (easily) stolen. We also need to educate people that some types of information they think is private (e.g., where you work and live and bank, what you buy, what you pay to live where you do, your registered political party, etc.) is actually public information.
Sign In or Register to comment.