A major data security incident has emerged in Costa Rica, where a private telecommunications company has left sensitive personal information exposed through an unsecured Google Storage system.
The breach, first discovered on December 21, involves approximately 600,000 records containing Costa Rican citizens' private data, including national ID cards and passport information.
Despite multiple email notifications sent to the telecommunications provider about this serious security lapse, the company has remained unresponsive to the warnings.
The Computer Security Incident Response Team of Costa Rica (CSIRT-CR) acknowledged receiving reports about the data exposure. However, they stated their limited authority in this case, noting: "While we have forwarded the report and relevant recommendations to the institution, we have no direct control over private companies."
The exposed database remains accessible, putting hundreds of thousands of Costa Ricans at risk of identity theft and other privacy violations. Security experts emphasize that leaving sensitive personal information in an unsecured cloud storage poses severe risks for affected individuals.
This incident highlights the challenges in addressing data security issues when private companies fail to implement proper protection measures or respond to security warnings. The telecommunications company's continued inaction raises concerns about corporate responsibility in safeguarding customer data.
As of now, the data remains exposed, pending action from the telecommunications provider to secure their storage system and protect their customers' sensitive information.