Website claims to have ‘leaked’ voters’ data
Comelec Chair Andres Bautista
A website that essentially made the data allegedly copied from the Commission on Elections (Comelec) as a searchable database surfaced online on Thursday.
The search engine wehaveyourdata.com “contains a lot of sensitive information, including fingerprint data and passport information. So we thought that it would be fun to make a search engine over that data,” according to a statement on the website.
“Hackers just hack and download data from websites but we make it accessible for anyone. It’s one thing to hear news about a huge data leak and another to see your data in a public website. Maybe, at least now, government will start thinking about security of citizens’ personal data,” it added.
The site surfaced on the same day the National Bureau of Investigation announced the arrest of a suspect in the recent defacement of the Comelec website.
An internet security firm has described the March 27 incident as potentially the world’s biggest government-related data breach, but officials said they had yet to verify if the released information has come from the Comelec database.
In a statement, Comelec spokesperson James Jimenez said the NBI is now looking into the matter. “In the meantime that they have not furnished us a copy of their findings, we advise the public not to use the hacker website as it can be used by the hackers to steal your information and thus expose you even further to the dangers of identity theft,” Jimenez said.
“We also cannot rule out at this stage that this may be an attempt by the hackers to monetize the data they claim to have,” he added.
Jimenez said the Comelec had not yet verified the accuracy of the data that the hackers claim to have copied. He apologized to the public “for this continuing attack on your privacy,” but assured them that the poll body was doing everything to resolve the matter as soon as possible.
In a TV interview, Comelec Chair Andres Bautista said “we are still trying to determine the full extent of what the data leak is. We’re not trying to make excuses. What happened happened, but also we’re trying to learn from our mistakes.
“What’s been done already is that we have transferred the hosting of the website. Before it was self-administered; now it is being hosted by the Department of Science and Technology. And also we have met with several companies like Microsoft, PLDT, that have been looking also for ways to assist us in… strengthening the firewall and ensuring that there are greater safeguards so this would not happen again.”
“And we have to distinguish the website, the public information website, from the website to be used in the results of the elections. So that is totally separate and distinct and the one that is going to be used in the elections is safe. Given this experience, we are ensuring that it will be safer than safe,” Bautista added.
Meanwhile, Comelec Commissioner Rowena Guanzon said she wanted accountability on the part of the Comelec for the data leak. “I don’t know if heads should roll but I think we have to call the director of the IT department. Explain why this happened and what they intend to do to make our websites more secure.”
“If there is gross neglect, that is a ground [for sanctions] under the civil service rule,” Guanzon told reporters.
