Comelec apologizes to public as new website leaks voters’ data

THE Commission on Elections (Comelec) has apologized to the electorate as a new site claiming to contain voters’ data where users can easily search for their biometric information has surfaced online.

In a statement, Comelec spokesperson James Jimenez said that the poll body has already tapped the experts from the National Bureau of Investigation CyberCrimes Division for more information on the website “Philippines, we have your data,” which spread online on Thursday.

According to reports by netizens, the website contains data that include the voter’s first and last name, birthdate, personal address, passport information, precinct and other sensitive information.

“I apologize for this continuing attack on your privacy and assure the public that the Comelec is doing everything we can resolve this matter at the soonest possible time,” Jimenez said.

Jimenez said that the poll body has yet to verify the information available on the website and cautioned the public against putting their personal information on the website.

“The National Bureau of Investigation CyberCrimes Division is now looking into the website and investigating the matter,” he said.

“In the meantime that they have not furnished us a copy of their findings, we advise the public not to use the hacker website as it can be used by the hackers to steal your information and thus expose you even further to the dangers of identity theft. We also cannot rule out at this stage that this may be an attempt by the hackers to monetize the data they claim to have,” he said.

Jimenez also said that the Comelec could not verify whether the data came from LulzSec Philippines, the hackers who defaced and hacked the Comelec website last March 27.

“The Comelec has not yet verified the accuracy of the data the hackers claim to have copied, and the investigation is ongoing,” he said.

The website’s About page said that: “We thought that it would be fun to make a search engine’ of Philippine voter information.”

‘Filipinos can be mapped out’

Sought for comment, Drexx Laggui, Principal Consultant on Digital Forensics, warned of the massive implications of the new website.

“So many different organization, good and evil intent, want that database. Worst case scenario, people can be mapped out, bribed or intimidated… Or scared to not vote anymore if a region is not favorable to an org,” Laggui said.

Laggui said that the whole electoral process might be at risk if Comelec officials would be prosecuted for violations of the Data Privacy Act.

“If Comelec authorities are prosecuted for violations of Data Privacy Act, then they can’t administer their functions, so the electoral process may be at risk,” he said.

A suspected hacker—a 23-year-old information technology graduate—was nabbed by the NBI on Wednesday evening and is now in its custody.

Read more...