Data breach: Website uploads voter info, Comelec downplays leak

Rachel Hermosura, ABS-CBN News

A website claims to have made searchable the voter database hacked from the Commission on Elections (Comelec) website.

The website only requires visitors to fill two out of the three fields: first name, last name and maternal name. If the data is included, the page would show a voter's personal data, including birth date and birth place, address, date of registration as a voter, fingerprint information and passport information.

"The database contains a lot of sensitive information, including fingerprint data and passport information," the page said. "So, we thought that it would be fun to make a search engine over that data."

It's unclear who is behind the site, only saying that it was done "for lulz" (for fun).

"It's one thing to hear news about a huge data leak and another to is see your data in a public website," the page reads. "Maybe, at least now, government will start thinking about security of citizens' personal data."

Comelec Chairman, Andy Bautista however downplayed the leak, saying the information made available by the site "is really public information."

"In respect of this website, it is now out there. The information, as I said -- name, address, date of birth, as much as possible they should not be sent out. But also, this kind of information is publicly available in other government agencies," Bautista told ANC News Now.

Bautista claimed there "was no fingerprint information that was taken" but he admitted that "there are information taken in respect of addresses."

"Now I'm not trying to make excuses. The fact is our website was hacked, and that's why we're trying to find ways to minimize the damage," Bautista said.

He admitted that details from "passports of certain overseas Filipino voters" were also leaked.

But Bautista also highlighted the arrest of Comelec website hacker, nabbed by members of the National Bureau of Investigation Thursday.

READ: NBI arrests hacker of Comelec website

"The good news is we were able to arrest one of the hackers. In fact we met with him this morning, you saw him at the NBI. His computers, other paraphernalia were retrieved. At the moment, the NBI is continuing its forensic investigation in respect of the documents that are in the computer. There are two other hackers that the NBI is also looking for," he said.

Bautista said authorities are probing the "extent of what the data leak is."


Comelec spokesman James Jimenez meanwhile urged the public not to use the website containing leaked voter info, as this could be a phishing website.

"It can be used by the hackers to steal your information and thus expose you even further to the dangers of identity theft. We also cannot rule out at this stage that this may be an attempt by the hackers to monetize the data they claim to have," said Jimenez in a statement.

He also apologized for the data leak and assured that authorities are resolving the issue.

"I apologize for this continuing attack on your privacy and assure the public that the Comelec is doing everything to resolve this matter at the soonest possible time," Jimenez said.

Last March, hackers from Anonymous Philippines defaced the Comelec website, while an affiliated hacker group LulzPinas released the raw data of the poll body's voter database.

Trend Micro, a global security software company, earlier said the personal data of 1.3 million overseas Filipino voters, including their passport information, as well as fingerprints of 15.8 million people were compromised in the hacking of the Comelec site.

It said the data dump "may turn out as the biggest government related data breach in history" and warned that criminals can use the leaked personal information of Filipino voters for extortion and other illegal activities.

"In previous cases of data breach, stolen data has been used to access bank accounts, gather further information about specific persons, used as leverage for spear phishing emails or BEC [Business Email Compromise] schemes, blackmail or extortion, and much more," Trend Micro said.

The Comelec earlier said that the data retrieved by hackers are readily available through the poll body's website.