The Comelec is downplaying the breach
A few weeks ago, members of LulzSec Pilipinas hacked the servers of the Commission on Elections (Comelec) and, in the process, compromised its entire database. That includes the records of all 55 million registered voters for the upcoming election. While Comelec is downplaying the breach, saying that no sensitive information was compromised, cybersecurity firm Trend Micro says that is not the case.
For starters, the sheer size of the hack makes it currently the biggest government-related data breach in history, surpassing the 2015 Office of Personnel Management (OPM) hack, which leaked personally identifiable information (PII), including fingerprints and Social Security numbers (SSNs), of 20 million US citizens.
According to Trend Micro, the hack exposed fingerprint data of registered voters, as well as the 1.3 million records of Filipino overseas voters, which include passport numbers and expiry dates. That’s not the worst thing about the leak, though: sensitive personal information was stored in plain text, without any kind of encryption. Encrypting sensitive personal information in databases is usually a common-sense practice in IT, but apparently it wasn’t done in this case.
To be fair, reports indicate that some of the data in the files was encrypted, but a majority of the files were not. The hack leaves all registered voters open to potential fraud via phishing attacks and business email compromise (BEC) schemes.
Our advice if you’re a registered voter this election? Keep an extra-vigilant eye out for emails, messages and schemes that seem too good to be true.