Comelec hack puts data of 55M registered voters at risk, security firm says

MANILA, Philippines — Fifty-five million registered voters in the country may fall prey to fraudsters after hackers leaked the entire database of the Commission on Elections (Comelec) revealing sensitive personal information, an international security software firm warned.

 

Investigation by TrendMicro found that passport details of 1.3 million overseas Filipino voters and 15.8 million fingerprint records were included in the massive data breach. Also leaked was a list of Comelec officials that have admin accounts.

 

Its scope makes it the biggest government-related data breach in history, surpassing the 2015 hacking of the US Office of Personnel Management which revealed fingerprints and social security numbers of 20 million Americans.

 

What’s more alarming, according to TrendMicro, was that the “crucial data is just in plain text and accessible to everyone.”

 

Following the hacking by Anonymous Philippines of the Comelec website last March 27, a second hacker group called LulzSec Pilipinas released the poll body’s entire database online. Three more mirror links were later added where the database could be downloaded.

Aside from fraud, the leak also leaves registered voters vulnerable to other threats.

 

“Reports stated that while some of the data were encrypted, there were some fields that were left wide open. Cybercriminals can choose from a wide range of activities to use the information gathered from the data breach to perform acts of extortion,” the security firm said.

 

“In previous cases of data breach, stolen data has been used to access bank accounts, gather further information about specific persons, used as leverage for spear phishing emails or BEC schemes, blackmail or extortion, and much more.”

 

Comelec, however, said Thursday that it has yet to check the claims made by the security firm. 

 

On Twitter, Comelec spokesperson James Jimenez said that the agency “will have to check its allegations, its sources, and what it claims to have studied.”

 

RELATED:  Comelec website hacked | Comelec seeks NBI help vs hackers