Details of more than 20 million people, including names, dates and phone numbers, were kept on a server in Miami without protection, it has emerged.
The data mostly concerns people living in Ecuador and includes the details of residents who are now dead.
It includes national identity card numbers, tax identification numbers and the names of family members.
The South American country has a population of around 17 million, meaning almost every person in the nation could be affected.
The server in question is owned by Novaestrat, an Ecuadorian company, and the lack of protection was revealed by security firm vpnMentor.
The breach has now been fixed, and it is unknown whether anyone has accessed the information with criminal intent.
However, vpnMentor said everyone whose data had been exposed could now be at risk of fraud.
“A malicious party with access to the leaked data could possibly gather enough information to gain access to bank accounts and more,” the firm said in a statement.
A spokesperson for Ecuador’s Attorney General’s Office said the details of seven million children had been leaked.
Authorities raided the house of William Roberto G, Novaestrat’s manager, on Monday.
Lenin Moreno, Ecuador’s president, said he would introduce legislation to ensure stricter data security.
Paula Romo, the interior minister, said those responsible would be held to account.
“The information we’ve received is very serious,” she said.
Julian Assange’s personal details were among those on the server, according to researchers.
However, Mr Assange’s citizenship was suspended in April 2019.
Additional reporting by agencies
Join our new commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies