Comelec hack data has since been dumped in public websites
The Comelec Hack exposes 55M voters to identity theft. Comelec is trying to downplay the hacking of its website last Mar. 27. But sensitive personal info on 55 million voters have been exposed. Dumped in public websites, the Comelec hack data include not only names, birth dates and addresses, but also fingerprints, photos and signatures.
Cybercriminals can exploit the data for all sorts of fraud, like fake bank withdrawals and home bills, extortion, and blackmail. Most at risk of identity theft are 1.3 million overseas absentee voters, as their passport numbers and other I.D. entries are now publicized. The exposed voter database can also mess up the May 9 elections. Because of the Comelec Hack personal and electoral security was compromised. The negligent Comelec officials must be sued criminally and for civil damages, experts say.
The Comelec hacking was led by Anonymous Philippines. The local chapter of the international hackers’ group had posted a warning on the poll body’s website, and in social media, against automated fraud. Taken down two days later, the message was for activating the security features of the vote counting machines. One of its members, “n3far1ous,” hinted at worse should the group be ignored.
“Dear Comelec, do you think it is impossible to dump the database? Well, think again,” he wrote on a Facebook page.
That became reality, as reported ten days later, Apr. 6, by info-tech security giant Trend Micro. “Every registered voter in the Philippines is now susceptible to fraud and other risks after a massive data breach leaked the entire database of the Comelec,” it blared in its news blog.
“While initial reports have downplayed the impact of the leak, our investiga
tions showed a huge number of sensitive personally identifiable information (PII) – including passport information and fingerprint data – were included in the data dump.” (here)
Trend Micro stated: “With 55 million registered voters in the Philippines, this leak may turn out as the biggest government related data breach in history, surpassing the Office of Personnel Management hack last 2015 that leaked PII, including fingerprints and social security numbers (SSN) of 20 million US citizens.”
Now the ramification of the Comelec hack can be chaos on Election Day. To prevent that, an immediate security audit will be carried out by the Comelec. Such audit would identify when and where the breaches occurred, the missing or altered data, and possible corrective measures.
The Comelec has just commissioned a German firm for P123 million to purge the voters’ list of multiple, false, delisted, and deceased registrants. The project should have begun 90 days ago, but the poll body has only 30 days left before Election Day to do it. Meanwhile, the month-long overseas absentee voting already commenced last Saturday.
Comelec spokesperson James Jimenez downplayed the effect of the Comelec hack, saying no sensitive information was compromised during the hacking.