Comelec official calls data breach report 'fake news'

Jauhn Etienne Villaruel, ABS-CBN News

Posted at Jan 12 2022 02:26 PM

The Commission on Elections headquarters in Intramuros, Manila. Jonathan Cellona, ABS-CBN News/File
The Commission on Elections headquarters in Intramuros, Manila. Jonathan Cellona, ABS-CBN News/File

MANILA — A Commission on Elections (Comelec) official for the first time on Wednesday categorically denied its systems were hacked that allegedly compromised sensitive data as claimed by a newspaper report published Monday.

In a tweet, Comelec commissioner Rowena Guanzon labelled as "fake news" the Manila Bulletin (MB) story that hackers allegedly were able to break into the poll body's servers and downloaded 60-gigabytes worth of data.

"FAKE NEWS: Comelec server was hacked, not true. Manila Bulletin editor must verify," Guanzon said in a tweet. 

On Monday, MB came out with a report that claimed its Technews Team has verified information from a source about the supposed hacking that took place Saturday.

“[T]he hackers' group managed to breach the system of the Comelec last Saturday, Jan. 8, 2022, and download files that included, among others, usernames and PINS of vote-counting machines (VCM)," the article read.

MB said hackers also took network diagrams, IP addresses, list of all privileged users, domain admin credentials, list of all passwords and domain policies, access to the ballot handling dashboard, and QR code captures of the bureau of canvassers with login and password.

"Sensitive data downloaded also included list of overseas absentee voters, location of all voting precincts with details of board of canvassers, all configuration list of the database, and list of all user accounts of Comelec personnel," the MB article stated, quoting its Technews Team.

Comelec spokesman James Jimenez questioned the veracity of the report because it did not elaborate on the "verification" process it supposedly carried out to confirm the alleged hacking. 

"We invite the authors to shed light on their allegations, particularly with regard to the 'verification' they claim to have carried out," Jimenez said.

On Wednesday, the National Privacy Commission issued separate orders to the Comelec, MB tech editor Art Samaniego and Manila Bulletin to appear for a "clarificatory" meeting via teleconference on Jan. 25 regarding the supposed data breach. 

If confirmed, this would not be the first time the poll body suffered a data breach.

In 2016, a group of hackers also stole the personal data records of some 54 million registered voters.

In 2017, Comelec also reported that a desktop computer of its election officer was stolen, compromising voters' data.

The country will hold national and local elections on May 9, 2022.