'Comelec data leak like giving car keys to a thief'


Posted at Apr 22 2016 09:45 AM | Updated as of Apr 22 2016 09:46 AM

MANILA - Information technology (IT) experts shared some advice to the public over the online leak of voters' data from the Commission on Elections (Comelec), which they brand as the largest data privacy breach in history.

Hackers have put out in a website the trove of information they stole from the Comelec website, containing the personal data of at least 55 million voters.

READ: Website uploads voter info, Comelec downplays leak

IT lawyer JJ Disini, lecturer at the UP College of Law whose expertise is data privacy and security, urged the public not to share information about the site to avoid magnifying the harm to those whose names are there.

Disini also said hackers were able to get the encryption keys to unlock the data. The encryption keys were included in the data taken from the Comelec.

Disini likened the situation to a vehicle owner giving his car keys to a thief.

"It's like you stole my car and I gave you the keys with it. You stole data that is in the lockbox and somewhere in the stash that you got are the keys to open the box," he told ABS-CBN News Channel.

Meanwhile, data analyst Francis Gary Viray said it could be just a matter of time before all data in the Comelec database is fully decrypted.

He advised people to change the passwords and PIN numbers they use in applications that utilize personal information found in their Comelec profiles.

Viray also reminded people visiting the hackers' website that checking one's info there could be a ploy to validate a person's information, plant viruses or steal data stored in cookies on the user's browsers.

Comelec data leak: How to protect yourself

Disini and Viray also agreed that the leaked data is a goldmine to marketers.

He said the data could also be used by politicians to identify voters and map out precincts.

"If I am a marketer, I would download all of these data and it would give me the names and addresses of many individuals in many places," he said.

"If I'm a politician I can know exactly who is in what precinct, who are the individuals who make up a certain precinct. So that kind of data, that kind of granularity, I think was not previously available to specific candidates or political parties. That information is already out there because of this data breach."

READ: Stolen Comelec data 'ripe for identity theft'