MANILA – The Commission on Elections maybe facing data breach and hacking of election data which could affect the results of the May 9 2022 elections raising concerns from Malacañang and Congress leaders.
While the Comelec initially denied the report to be “fake news,” government authorities and Congress have started looking into the alleged hacking and data breach by an unknown group as reported by the Manila Bulletin tech expert.
In an article, the Manila Bulletin on Monday, January 10, said that hackers were able to enter the Comelec’s system on Saturday, January 8, and downloaded 60 gigabytes’ worth of files that include usernames and personal identification numbers (PINS) of vote-counting machines, which will be used for the 2022 polls.
It was not the first time an alleged breach of Comelec data was reported. Two months before the 2016 elections, the poll body grappled with a major hacking incident, with hackers leaking a voter records database online.
The scandal, now known as “Comeleak,” is considered the biggest leak of personal data in Philippine history, and among the biggest breaches of a government-held database in the world.
For its part, the National Privacy Commission (NPC) has summoned representatives from the Comelec and Manila Bulletin to explain their positions on the alleged hacking and data breach.
In a statement, Privacy Commissioner John Henry Naga said separate orders were sent to the Comelec and MB technology editor and IT head Art Samaniego Jr., to appear for a clarificatory meeting via teleconference on January 25.
The Senate and the House of Representatives, on the other hand, plan to hold separate public hearings on the matter.
The Comelec, meanwhile, denied the petitions seeking to reopen the filing of certificates of candidacy (COCs) and to postpone the May 9 polls filed by the PDP Laban faction led by Energy Secretary Alfonso Cusi and the National Coalition for Life and Democracy (NCLD) were unanimously junked.
“It was denied (Cusi’s petition) as well as the petition to suspend the elections until 2025. Both of them resoundingly denied,” he said.
He said the arguments presented by the group were not meritorious.
“The petition likewise alleged that the Comelec has the authority to set the timetable and basically short of saying that the Comelec was arbitrary in setting the timetable and we showed that it’s not arbitrary and in fact, the petition had in fact was ignored a bunch of priority activities that made it necessary for the schedule to be set the way it was,” Jimenez added.
According to Jimenez, their investigation is looking at different scenarios in the wake of the alleged data breach and hacking.
“Some financial reward, for example, there is a theory of such that is floating around. Right now, we can’t narrow down which one is actually the real thing. But again it is part of the investigation. We are looking at all different scenarios, there are so many. It is the election season and one thing we can assume is whoever did this must have known that this would have a negative effect on the credibility of the elections. Because of that, we are very intent on finding out who is behind this. We have to defend the integrity of the elections,” he added.
On the other hand, he assured the public that their systems are secured.
“We have confidence in the security of our systems and the procedures we have undertaken since 2016 to ensure our data is hardened and cannot be unlawfully accessed,” Jimenez said.
“…So it is important that Comelec addresses it squarely, to show to everyone that our system is secured and make sure that our data is protected,” he added.
Malacanang, meanwhile, distanced itself from the allegations.
“We will await any update to be pronounced by Comelec regarding this. Siyempre, nababahala rin kami, (Of course we are also concerned), obviously we’re also worried about this kung totoo man ito (if this is true),” said Acting presidential spokesperson and Cabinet secretary Karlo Nograles.
Nograles said the Palace will wait for the Comelec to release an official statement regarding the alleged breach of the servers.
The Manila Bulletin reported that hackers were allegedly able to download “more than 60 gigabytes of data that could possibly affect the May 2022 elections” on January 8.
The hackers allegedly managed to download files that included, among others, usernames and PINS of vote-counting machines (VCM).
Comelec spokesperson James Jimenez said the report on data breach is “fake news.”
“it is impossible for hackers to download usernames and PINs of VCM because “such information still does not exist in Comelec systems simply because the configuration files—which includes usernames and PINs—have not yet been completed,” Jimenez said.
He questioned the accuracy of the report, noting that that it “offers scant substantiation for its assertions.”
Jimenez, likewise, noted that the Manila Bulletin report did not even list proof of such verification and Manila Bulletin’s Samaniego admitted the same.
However, he said the Comelec is validating the alleged data breach.
He also assured the public of its “full and scrupulous compliance with the Data Privacy Act, as well as its continuing cooperation with the National Privacy Commission.”
Jimenez said the Comelec welcomes calls for the conduct of probes on the alleged hacking incident.
“We are working hard to validate these allegations because we understand how important it is. Malacañang expressed concern, it isn’t the only one. Many quarters have in fact called for investigations. Comelec welcomes these investigations. We are eager to participate in these investigations,” he added.
He said they are also in coordination with authorities such as the National Bureau of Investigation (NBI) and the Department of Information and Communications Technology (DICT).
“We are reaching out to the NBI and DICT. We are also preparing to appear before the NPC (National Privacy Commission),” he added