And you thought it was bad in the United States. In Chile hackers accessed and then posted the personal information of over six million people in the largest data breach in South American history.

The hacker, posting as Anonymous Coward, unleashed three compressed files that offered the taxpayer id (like our Social Security Numbers), addresses, phone numbers, and a host of other private information on the popular Chilean techblog Fayerwayer in the form of a comment on an article. Although the information was only available for two hours there’s really no way of knowing how many people saw/downloaded/accessed that data. Allegedly, the hacker posted the information to bring light to the poor security measures imposed by the government by releasing data on over 1/3 of the country’s population (of 16 million).

According to the Chilean newspaper that broke the story, El Mercurio, “The publicity has focused the country’s attention on both government IT security and also the country’s lax privacy laws. For example, Chile’s department of elections sells voter data including gender, name, address, nationality, date of birth, and information on disabilities.” That’s pretty frightening in and of itself–if the government is already going to make that data readily available for commercial purposes it stands to reason that a data breach like that would be happen.

Additionally noteworthy is that, in addition to posting the actual data, the hacker also posted tips on how to best use the data AND how he did it: apparently through the use of several proxies that allowed for near-anonymous access. Proxies are nothing new but they’re more frequently used for things like school-age children accessing sites like MySpace and Facebook after the sites have been banned from access at their schools. Further, these sites can be used to access just about anything–kind of like a baby VPN. It should come as no surprise then that given the ubiquity of these proxy sites that someone was going to take advantage of them in a place where the internet security is so lax.

Unfortunately for the affected Chileans there is no Lifelock or Debix to help bail them out of their situation so they’re going to have to take up their issues directly with the government; a government that has already made it known to them (the people) that they don’t take a particular interest in protecting their personal information.

Tags: chile, debix, lifelock

This entry was posted on Wednesday, May 14th, 2008 at 7:02 am and is filed under Government Breaches. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.