Privacy Commission orders Comelec to shed light on alleged data leak

Published January 12, 2022, 12:35 PM

by Alexandria Dennise San Juan

The National Privacy Commission (NPC) is now investigating the reported hacking and data breach on servers of the Commission on Elections (Comelec).


In a statement on Wednesday, Jan. 12, NPC Commissioner John Henry D. Naga said the poll body was ordered to appear for a “clarificatory meeting” to shed light on the alleged data leak.

Also asked to attend the hearing set on Jan. 25 was Manila Bulletin Technews Editor Art Samaniego, Jr.

This, after the Manila Bulletin published on Jan. 10, a report stating that a group of hackers were able to penetrate the Comelec data and was able to download some 60 gigabytes of date that include network diagrams, IP addresses, list of all privileged users and domain admin credentials.

Prior to this, Naga bared that the NPC already received information from Samaniego regarding a “suspected breach on Comelec servers wherein an estimated 60 gigabytes of data, which possibly contain personal information and sensitive personal information, were allegedly accessed and downloaded by a certain group of hackers.”

The NPC’s Complaints and Investigation Division, which is leading the independent investigation, also urged the Comelec to probe the incident and submit the result to them by January 21.

“The Comelec must address the serious allegations made in the Manila Bulletin news report and determine whether personal data were indeed compromised, particularly personal information, sensitive personal information, or data affecting the same, which were processed in connection with the upcoming 2022 national and local elections,” Naga said.

“Rest assured that the NPC does not tolerate any act in violation of the Data Privacy Act including negligence in implementing organizational, physical, and technical security measures on personal data processing systems, whether in government or private institutions,” he added.