Comelec investigating alleged data breach ahead of #Halalan2022

Ina Reformina and Jauhn Etienne Villaruel, ABS-CBN News

Posted at Jan 10 2022 05:28 PM | Updated as of Jan 10 2022 08:59 PM

https://sa.kapamilya.com/absnews/abscbnnews/media/2021/news/11/15/20211111-comelec-building-jc-013751950.jpg

MANILA (UPDATE) — The Commission on Elections (Comelec) has suffered another data breach with 4 months to go before the crucial May national elections, a Manila Bulletin report claimed Monday, saying "60 gigabytes" worth of "sensitive voter information" and other data have been stolen by unidentified hackers. 

The Manila Bulletin (MB) on Monday said its Technews Team has verified information from a source about the supposed hacking that took place Saturday.

“[T]he hackers' group managed to breach the system of the Comelec last Saturday, Jan. 8, 2022, and download files that included, among others, usernames and PINS of vote-counting machines (VCM)," the article read.

MB claimed hackers also took network diagrams, IP addresses, list of all privileged users, domain admin credentials, list of all passwords and domain policies, access to the ballot handling dashboard, and QR code captures of the bureau of canvassers with login and password.

"Sensitive data downloaded also included list of overseas absentee voters, location of all voting precincts with details of board of canvassers, all configuration list of the database, and list of all user accounts of Comelec personnel," the MB article stated, quoting its Technews Team.

The publication said it immediately got in touch with Comelec spokesman James Jimenez to inform the poll body about the incident. 

On Monday, Jimenez refused to confirm the incident but said they are "conducting inquiries into the allegations of the report."

"Currently conducting inquiries into the allegations of the report. We will update ASAP,” Jimenez told ABS-CBN News.

HACKING? 

In a more detailed statement sent to reporters Monday evening, Jimenez addressed the MB report, which for him "offers scant substantiation for its assertions."

"We invite the authors to shed light on their allegations, particularly with regard to the 'verification' they claim to have carried out," Jimenez said. 

The MB article had no byline.

The spokesman also questioned the claims in the MB report because according to him, data supposedly stolen from the alleged hacking incident are not yet uploaded in the Comelec systems.

"Such information still does not exist in Comelec systems simply because the configuration files - which includes usernames and PINs - have not yet been completed. This calls into question the veracity of the hacking claim," Jimenez noted. 

Despite doubts, Jimenez said Comelec is pursuing its own validation of the MB report.

"Comelec assures the public of its full and scrupulous compliance with the Data Privacy Act, as well as its continuing cooperation with the National Privacy Commission. The Comelec will likewise continue its efforts to validate the assertions made by article," Jimenez said. 

He added that Comelec "stands ready to pursue all available remedies against those who, either deliberately or otherwise, undermine the integrity of the electoral process."

If confirmed, this would not be the first time the poll body suffered a data breach.

In 2016, a group of hackers also stole the personal data records of some 54 million registered voters.

In 2017, Comelec also reported that a desktop computer of its election officer was stolen, compromising voters' data.

The country will hold national and local elections on May 9, 2022.