Comelec: No biometrics data leaked after hack


MANILA, Philippines — Denying an earlier report by a tech security firm, the Commission on Elections (Comelec) assured voters that sensitive biometrics data weren’t included in the alleged database leak by a hacker group.

“We know the data they (hacker group) claimed to have and we know that data doesn’t include biometrics,” Comelec spokesman James Jimenez said in a media briefing on Tuesday.

He also called out TrendMicro for taking advantage of the situation. A report published by the tech security firm said the leak puts at risk the 55 million registered voters in the country — possibly making it the biggest government-related data breach in history.

RELATED: Comelec hack puts data of 55M registered voters at risk, security firm says

“In my mind it's a little dangerous,” Jimenez said of the report saying it legitimizes the data dump.

“Wala naman silang kakayahan to actually validate whatever it is they're looking at. Kasi wala naman silang access sa database ng Comelec,” he added.

Worst case scenario

Two hacktivist groups, Anonymous Philippines and LulzSec Pilipinas, consecutively breached the Comelec website last March 27. LulzSec Pilipinas then released the poll body’s entire database online and later added three mirror links where it could be downloaded.

TrendMicro said its investigation discovered that passport details of 1.3 million Filipino voters abroad and 15.8 million fingerprint records could be accessed in the dump.

If confirmed, then those affected would be vulnerable to fraud, blackmail, and extortion, among others.

The authenticity of the leaked database, however, is still being investigated. “Downloading the whole thing takes a little time,” Jimenez said adding that the total file size of the data was said to be 340 gigabytes.

“Again just to really be clear the dump hasn't been authenticated yet. We don't know if it is 100 percent accurate. We don't know if it has been amended in any way if it has been tampered with.”

He said the worst case scenario is if the database was indeed copied.

Hackers based in the Philippines

NBI Cybercrime Division chief Roland Aguto said what they know so far is that the hackers are in the Philippines, based on an IP address check and intelligence report. Once identified, they will be facing charges for violating the Cybercrime Prevention Act.

Jimenez also said the hacking would not compromise the elections results and that data inside the Comelec could not be manipulated.

“They cannot generate official documents,” he said.

  • Latest
  • Trending
Are you sure you want to log out?

Philstar.com is one of the most vibrant, opinionated, discerning communities of readers on cyberspace. With your meaningful insights, help shape the stories that can shape the country. Sign up now!

or sign in with