Ecuador Data Breach: An Entire Nation’s Data ExposedJames Stickland | October 2, 2019
Over 20 million Ecuadorians have had their personal data exposed online in a massive and unprecedented national data breach owing to an unsecured server. The Ecuadorian government confirmed that the details of 16.5 million living citizens, of whom 7 million are minors, as well as several million deceased individuals were exposed. The breach disclosed a vast and shocking amount of personal information, including names, date and place of birth, national identification numbers, tax numbers, employment information, as well as financial and car ownership records.
Controlling who has access to this data is impossible since it’s been leaked online, making the entire population vulnerable to identity fraud. To limit the potential damage from this breach, Ecuador would see the greatest value in adopting biometric authentication. In 2012 Ecuador deployed a nationwide biometric database, which service providers should be taking advantage of to perform identity verification in the short term whilst enrolling users in a secure biometric authentication platform.
Another significant issue raised in this data breach is securing the data of deceased citizens, which could be prevented through implementing a multi-biometric authentication system with liveness detection. This innovative, active method of detection identifies users performing an action, such as blinking or other facial movements, making it far more difficult and time consuming for a malicious actor to defraud the system.
Any government or organisation looking to implement a biometric database must look at how to do so in the most secure way possible, with visual cryptography widely regarded as one of the safest methods. Visual cryptography digitally encrypts sensitive biometric data into various files that then contain no usable biometric data themselves, eliminating the riskier elements of traditional cryptographic methods. This technique also reduces the quantity of data being transferred, thus minimising the risk of intermediary attacks. The threat if stored data is stolen is also mitigated against, as it is useless without its paired image. In this way, by adding biometrics to any authentication system, privacy is ensured whilst enhancing security – without the associated costs.