55 million voters’ data leaked from Philippine electoral commission
A Problem In The Philippines
A massive data breach has put around 55 million Philippine citizens at risk of fraud and other activities after a massive leak of their personal information. The entire database of the Commission on Elections, (Comelec), was hacked last month, according to the security company, Trend Micro.
The hacking incident happened on the 27th of March, when a hacking group by the name Anonymous Philippines, committed the defacement of the Comelec website. The group probably did the act to send a message about implementing tightened security measures on the precinct optical scan (PCOS) machines to be used during the Election Day which is due on May 9th.
“But what happens when the electoral process is mired with questions and controversies? Can the government still guarantee that the sovereignty of the people is upheld?” the group posted on the Comelec website after defacing it.
Other reports mentioned that another hacking group sent links online which traced back to the Comelec database. The group, LulzSec Pilipinas, also posted three other mirror links the following day which indexed downloadable files on their initial link.
A Big Problem
Trend Micro, the security company which identified the leak, said that this could turn out to be the biggest leak from government-related leaks even surpassing the 2015 Office of Personal Management link which leaked data for 20 million US citizens. Comelec released a statement assuring the people that no sensitive information had been compromised, and the country’s polls which are automated would be secure, something which the security company believes is misleading.
“Interestingly, we also found a whopping 15.8 million record of fingerprints and a list of people running for office since the 2010 elections,'” it added. “Among the data leaked were a file on all candidates running in the election with the filename VOTESOBTAINED. Based on the filename, it reflects the number of votes obtained by the candidate. Currently, all VOTESOBTAINED file are set to have NULL as a figure.”
Whether the leak would affect the elections or not there was also the added not of leaked voter personal information.
“Cybercriminals can choose from a broad range of activities to use the information gathered from the data breach to perform acts of extortion. In previous cases of data breach, stolen data has been used to access bank accounts, gather further information about particular persons, used as leverage for spear phishing emails or BEC schemes, blackmail or extortion, and much more,” the company warned.
If you’re reading this and are in the Philippines, or plan to go there any time soon, check out our pick of the best VPNs for the Philippines.