Ecuador Data Breach the Result of Cloud Vulnerability

September 18, 2019 David Higgins

A recently discovered breach exposed data on almost every one of Ecuador’s approximately 17 million citizens, including 6.7 million children. Aside from the scale, this breach is making front-page news for the sheer breadth of exposed information. The exposed files contained official government ID numbers, phone numbers, family records, marriage dates, education histories and work records.

This breach was made possible by a vulnerability on an unsecured AWS Elasticsearch server – where Ecuador currently stores some of its data.  This data breach reinforces the importance of understanding the security controls a chosen cloud provider has in place and what organizations may need to do to augment those policies and procedures.

Most cloud providers operate under a shared responsibility model, where the provider handles security up to a point and, beyond that, it becomes the responsibility of those using the service. Public cloud providers provide straightforward guidance on their shared responsibility models for security and compliance in cloud environments, but the unfortunate reality is that this guidance often gets ignored.

In fact, recent data from the CyberArk annual Global Advanced Threat Landscape report found that 75% of respondents rely primarily on cloud providers’ built in security and around half of organizations don’t have a strategy in place for securing privileged data and assets in the cloud.  This represents an open door for malicious actors.

Ecuador isn’t the only government to expose its citizens’ data through an unsecured cloud server and probably won’t be the last.  A similar Elasticsearch server exposed the voter records of approximately 14.3 million people in Chile, around 80% of its population.

As more and more government agencies look to the cloud to help them become more agile and better serve their citizens, it’s vital they continue to evolve their cloud security strategies to proactively protect against emerging threats – and reinforce trust among the citizens who rely on their services.

Previous Article
In Digital Business, Don’t Sacrifice Security for Speed
In Digital Business, Don’t Sacrifice Security for Speed

Today’s businesses must move at the speed of innovation to remain relevant. That means embracing digital te...

Next Article
Go Passwordless with FIDO2 and Web Authentication
Go Passwordless with FIDO2 and Web Authentication

FIDO2 authentication can be used as a single (passwordless) strong authentication method, or in conjunction...