Hackers have reportedly managed to infiltrate the Philippines’ Commission on Elections (COMELEC) entire database, potentially putting at risk some 55 million registered voters.
On March 27, Trend Micro says a hacker group defaced the COMELEC website. The site’s entire database was then posted online by another group. Despite initial efforts to downplay the impact of the leak, the security firm says its investigations showed a “huge” amount of sensitive personally identifiable information including passport and fingerprint data was included in the data dump.
Given the number of registered voters in the country, Trend Micro says this may very well be the largest government-related data breach in history – an honor currently belonging to last year’s hack on the US government’s Office of Personnel Management (OPM) which impacted 20 million Americans.
The incident could be politically-motivated. Trend Micro notes that the country's national elections take place on May 9. What’s more, the first hacker group warned COMELEC to implement the security features of their Automated Voting System (AVS).
COMELEC spokesperson James Jimenez conceded that the security of the website isn’t very tight but that the AVS runs on a different, more secure network. The spokesperson added that everything will go smoothly during the elections.
Regardless of whether or not the election is tampered with, perhaps the bigger issue here is the fact that all voter information was leaked and can now be used against citizens. Some of the data was reportedly encrypted while other fields were apparently left wide open.