Back in March 27, 2016 hackers under the banner, Anonymous Philippines hacked into the website of the Commission on Elections defaced it to demonstrate how weak the poll body’s online security measures are. A few days later, another group of hackers LulzSec Pilipinas made available online the entire database of COMELEC – 338GB in size containing information of more than 55 million voters.
COMELEC Chair Andres Bautista said that no confidential information was leaked. COMELEC has downplayed the scale of the data breach to allay fears that it could compromise the results of the 2016 elections. While a valid concern and the election results were untainted, it brushed aside the other equally great risk for the millions of registered voters whose personal identifiable information has been compromised.
The newly established National Privacy Commission has just finished its investigation of the data breach and had made public the types of personal data that has been made available to anyone online including criminals:
“The voter database in the Precinct Finder application contained each voter’s complete name, date of birth, gender, civil status, address, precinct number, birthplace, disability, voter identification number, voter registration record number, reason for deletion/deactivation, registration date, and update time.”
“The voter database in the Precinct Finder application contained information on each voter’s verified name, date of birth, gender, civil status, post of registration, passport information, with number and expiry date, taxpayer identification number, e-mail address, mailing address, spouse’ name, the complete names of the voter’s mother and father, the voter’s addresses in the Philippines and abroad, post or country of registration, old registration information, Philippine representative’s complete name, citizenship, registration assistor, profession, sector, height and weight, identifying marks, biometrics description, voting history, mode of voting, and other textual reference information for the voter registration system.” the decision further reads, depicting how much personal data are now most likely in the hands of criminal elements as a result of the COMELEC data breach.
Here’s a rundown of the personal identifiable information that has been leaked:
- voter’s verified name
- date of birth
- civil status
- post of registration
- precinct number
- voter identification number
- voter registration record number
- reason for deletion/deactivation
- registration date and update time
- passport information with number and expiry date
- taxpayer identification number
- e-mail address
- mailing address
- spouse’ name
complete names of the voter’s mother and father
- voter’s addresses in the Philippines and abroad
- post or country of registration
- old registration information
- Philippine representative’s complete name
- registration assistor
- height and weight
- identifying marks
- biometrics description
- voting history
- mode of voting
- other textual reference information for the voter registration system
To criminals who is into identity theft, use of forged documents and IDs, impersonation, blackmail and harassment, the COMELEC data leak is a gold mine.
If you’re a registered voter, you are vulnerable to hacking of your social media and other online accounts, identity theft which would compromise your bank accounts, utilities, academic or professional records, etc it could even be used to manipulate the next elections.
The NPC is just right in recommending the filing of criminal charges against COMELEC Chair Andres Bautista as he is liable for this catastrophic violation of Republic Act No 10173 or the Data Privacy Act of 2012.
I don’t know how else to say it, but this has really got me scared.