A data breach hits everyone in Ecuador; more medical records found online; and the US government sues Edward Snowden

Autumn is in the air, and with the arrival of the new season, data breaches have returned with a vengeance, reminding us all that they’re a fixture of the scene all year around.

And here we thought Equifax would be a turning point in better data security practices.

On Monday, the more than 20 million people living in Ecuador woke up to news that it was very likely that their personal information had been compromised – including names, dates of birth, national identity cards, and phone numbers, ZDNet reports.

The culprit was a leaky Elasticsearch server hosted in Florida and operated by an Ecuadorian data analytics company called Novaestrat.

“Although the exact details remain unclear, the leaked database appears to contain information obtained from outside sources,” said vpnMentor, the security firm that found the breach.

“These sources may include Ecuadorian government registries, an automotive association called Aeade, and Biess, an Ecuadorian national bank.”

Authorities in Ecuador promptly raided the home of the legal representative of Novaestrat and are continuing a criminal investigation into the company and its executives.

The firm reportedly did not have permission to possess the data in question, let alone keep this information exposed online without a password.

It is not yet known whether malicious actors scooped up any of the available data – Ecuador, notably, lacks any data privacy law.

While the exposure incident was reportedly resolved on September 11, the fallout from the breach has impacting everyone from Ecuadorian president Lenin Moreno to former London embassy dweller Julian Assange.

In more why-are-we-still discussing leaky server news, it was revealed that over 2,000 medical image archive systems exposed online.

Security company Greenbone Networks found that these servers – widely used by healthcare providers around the world – offered little to no protection of the information that they hold.

More than 24 million medical records and at least 700 million images, included X-rays and MRI scans, were easily accessible due to careless configuration of systems, Greenbone said.

“Many have no protection, aren’t password protected or encrypted; indeed, even regular, everyday internet users could gain access with a few simple actions,” said Greenbone.

“The number of accessible patient records is frightening,” it added.

This medical data bombshell folows a recent SecurityScorecard analysis, illustrating how the healthcare sector has become one of the prime casualties in data breach dramas, with compromised patient data having risen 50% between 2017 and 2019, The Daily Swig reported this week.

According to the latest poll from US-based think tank Data for Progress, nearly seven in 10 Americans want to see big tech firms broken up.

The survey, conducted with 1,280 American voters and reported by Vox, illustrates that – no matter what their political affiliation – users support policy that blocks mergers such as Facebook’s 2012 acquisition of Instagram.

“On breaking up for content, 56% of people who say they’re very liberal and 47% of people who say they’re very conservative back breaking up Big Tech,” Vox says.

And elections were a hot button topic at this year’s CISA summit, as infosec stakeholders from both the private and public sector alike headed to Maryland to participate in three days of talks, with the upcoming 2020 US Presidential vote high up on the agenda.

Hosted by the Department of Homeland Security’s Cybersecurity and Infrastructure Agency, CISA, the second annual conference kicked off with director Christopher Krebs highlighting the importance and challenges related to securing next year’s election.

Krebs said: “Are there true, absolute fundamental risks in the [election] infrastructure? Yes, but we have to take the hysteria out of the conversation, because ultimately what we do is we drive broader voter confidence down.

“We have to have measured conversations about the risks.”

And finally; the much-anticipated release of a book by NSA contractor turned whistleblower Edward Snowden hasn’t been welcomed by exactly everyone.

On Tuesday, the US Department of Justice filed a lawsuit against Snowden over Permanent Record, the tell-all book of Snowden’s time before and after he leaked confidential intelligence files to the world’s press.

“Intelligence information should protect our nation, not provide personal profit,” said G. Zachary Terwilliger, U.S. Attorney for the Eastern District of Virginia.

“This lawsuit will ensure that Edward Snowden receives no monetary benefits from breaching the trust placed in him.”