
Report: Comelec Data Breach Exposed All Registered Voters To Fraud


The Comelec is downplaying the breach

A few weeks ago, members of LulzSec Pilipinas managed to hack the servers of the Commission on Elections (Comelec) and, in the process, its entire database. That includes all of the 55 million registered voters for the upcoming election. While Comelec is downplaying the breach, saying that no sensitive information was compromised, cyber security company Trend Micro says that’s not the case.

For starters, the sheer size of the hack means that it’s currently the biggest government-related data breach in history, surpassing the 2015 Office of Personnel Management (OPM) hack that leaked personally identifiable information (PII), including fingerprints and Social Security numbers (SSNs), of 20 million US citizens.

According to Trend Micro, the hack exposed fingerprint data of registered voters, as well as the 1.3 million records of Filipino overseas voters, which include passport numbers and expiry dates. The worst thing about the leak, though, is that sensitive personal information was stored in plain text, without any kind of encryption. Encrypting sensitive personal information in databases is usually a common sense practice in IT, but apparently it wasn’t done in this case.

To be fair, reports indicate that some of the data in the files was encrypted, but a majority of the files were not. The hack leaves all registered voters open to potential fraud via phishing attacks and business email compromise (BEC) schemes.

Our advice if you’re a registered voter this election? Keep an extra vigilant eye out for emails, messages and schemes that are too good to be true.


John Nieves

John is a veteran technology and gadget journalist with more than 10 years of experience both in print and online. When not writing about technology, he frequently gets lost in the boonies playing soldier.


5 Comments

  1. It’s “a common sense practice in IT” to encrypt sensitive data, therefore there’s clear negligence from them. It should be the basis for a complaint/case against them. Our security is at stake here.

  2. WHAT THE HELL IS WRONG WITH OUR GOVERNMENT AGENCY DOWNPLAYING THIS CATASTROPHE!!!

    WE MIGHT AS WELL HACK WHO OUR NEXT PRESIDENT IS GONNA BE!
