The head of an Ecuadorian data analytics firm has been arrested after leaving the personal and financial information of almost the entire country’s population unprotected online.

William Roberto Garces, general manager of Novaestrat, was arrested as part of an investigation into allegations his company left a server with the personal records of about 20.8 million Ecuadorians, including 6.7 million children, at risk online without a password. The data exposed personal information such as names, dates of birth, addresses, email addresses, and government identification numbers as well as financial and banking information.

Ecuador has a population of about 16.6 million people, so the entire population is expected to be at risk from the data breach. Officials believe the firm gained access to the data when it received government contracts from 2015 to 2017.

The personal information exposed included that of Wikileaks founder Julian Assange, who had applied for asylum in Ecuador and was given a government identity card while spending time in the country’s London embassy.

Security company vpnMentor found the unsecured data on a Miami-based server owned by Novaestrat and reported the data breach to Ecuadorian officials. The data on the server has since been secured.

The data breach, especially the personal and financial information exposed, leaves Ecuadorian citizens vulnerable to identity theft.