55M Filipino voters open to fraud after Comelec hack – int'l tech security firm

enablePagination: false
maxItemsPerPage: 10
totalITemsFound:
maxPaginationLinks: 10
maxPossiblePages:
startIndex:
endIndex:

Metro Manila (CNN Philippines) — The sensitive data of 55 million registered Filipino voters, including 1.3 million passport numbers of Filipinos overseas and 15.8 million records of fingerprints, were compromised following the hacking of the Commission of Election's (Comelec) website, said a tech security firm.

Taiwanese firm TrendMicro, founded in 1988, published on April 6 that every registered voter in the Philippines is now vulnerable to fraud and other risks based on its investigation.

Last March 27, hacktivist group Anonymous Philippines hacked the poll body's website, asking Comelec to make sure the PCOS have security features in place.

Hours later, another group named Lulzsec Pilipinas, posted Comelec’s entire database and leaked it on Facebook, with three mirror links to download the database.

But Comelec spokesperson James Jimenez downplayed the effect of the hack, saying no sensitive information was compromised during the hacking and the website to be used for the election results reporting will be a different one from its website.

Related: How to vote on May 9, a step-by-step guide

TrendMicro countered Comelec's statement saying that its investigations showed a huge number of sensitive personal identifiable information (PII), including passport information and its expiry dates, were included in the data dump.

"Our research showed that massive records of PII, including fingerprints data, were leaked. Included in the data COMELEC deemed public was a list of COMELEC officials that have admin accounts."

'Every citizen at risk'

The tech security firm expressed its concern on the data breach, saying that the information can be used to extort the affected citizens.

"Cybercriminals can choose from a wide range of activities to use the information gathered from the data breach to perform acts of extortion. In previous cases of data breach, stolen data has been used to access bank accounts, gather further information about specific persons, used as leverage for spear phishing emails or BEC schemes, blackmail or extortion, and much more," said TrendMicro.

Comelec's Jimenez said on Twitter that the poll body has yet to check the firm's sources and what it claims to have studied.

 

For the May 9, 2016 polls, around 55 million Filipinos were registered as voters, while active Filipino voters abroad reached 1.4 million — the total is the largest number of registered voters the country has seen so far.