Millions of Panama Citizens Database Breached- Including National ID Number

Panama Citizens Data Breach
Panama Citizens Data Breach

Panama Citizens Database Breached caused by unsecured Elasticsearch server.

The Panama citizens data has been breached including names, addresses and phone numbers.

The Elasticsearch is a search engine based on the Lucene library. It provides a distributed, multitenant-capable full-text search engine with an HTTP web interface and schema-free JSON documents and it is developed in Java.

Reported by Bob Diachenko from security discovery said, that he identified a massive bulk of data sitting in an unprotected and publicly available Elasticsearch cluster (hence visible in any browser).

The database contained 3,427,396 records with detailed information on Panamanian citizens (labeled as ‘patients‘), plus 468,086 records with records labeled as ‘test-patient‘ (although, this data also appeared to be valid and not purely test data).

The country total population 40,34,119, it means that approx 85 percent of citizens personal data exposed.

Panama citizens data breach
Image by security discovery

The record contained as following info:

  • Full name
  • Date of birth
  • National ID number (cedula)
  • Medical insurance number
  • Phone
  • Email
  • Address
  • Other info

BOB has reported to CERT Panama and they immediately took action on the report and secured the database within 48 hours.

The state agency believed that the Elasticsearch server does not secure effectively. In November 2018, there are 114 million records of US citizens and companies data were also breached caused by unsecured ElasticSearch database.

For the latest update about Cyber and Infosec World, follow us on Twitter, Facebook, Telegram , Instagram and subscribe to our YouTube Channel.

Subscribe to HackersOnlineClub via Email

Enter your Email address to receive notifications of Latest Posts by Email | Join over Million Followers

Leave a Reply
Related Posts