Privacy Commission issues report on 'hacking' probe; Comelec 3rd party provider summoned

Published January 27, 2022, 6:07 PM

by Alexandria Dennise San Juan

The National Privacy Commission (NPC) continues to gather more information on the alleged hacking and data breach involving the Commission on Elections (Comelec) servers.

Separate clarificatory meetings have already been conducted by the NPC last Jan. 25 with representatives from the Comelec and the Manila Bulletin (MB) regarding the reported hacking and data breach in the poll agency’s servers.

However, the Comelec denied that the database of overseas voters was compromised and clarified that a list of overseas voters was actually publicly available on their website as mandated by law.

“When asked to confirm if some of the artifacts came from their servers, Comelec reiterated that these could not be so because these have yet to be generated for the 2022 elections,” the NPC said in a statement on Thursday, Jan. 27.

The poll body also sought more time to submit its approved full incident report which the NPC asked to provide answers to the clarificatory questions stated in ts Jan. 21 order.

Under the order, the Comelec was directed to submit the full incident report on or before Jan. 27, as well as additional documents discussed during the clarificatory meeting.

Meanwhile, MB Technews Editor Art Samaniego, Jr. and MB, in a separate meeting, confirmed that the evidence gathered by the NPC and the basis of the publication’s news report were the same.

The Commission required Samaniego and MB to provide additional artifacts for analysis and comparison with those collected by its Complaints and Investigation Division, which were already submitted to the NPC on Wednesday, Jan. 26.

As the NPC continues its probe on the incident, it also summoned a third-party provider of Comelec possibly involved in the issue to appear in another clarificatory hearing with them.

The Commission also disclosed that it was pursuing leads regarding the alleged data breach, including a group of hackers claiming responsibility for the hack, especially on matters involving personal data.

“Rest assured we are continuing the investigation to determine if personal data was compromised, violations of the Data Privacy Act were committed, and the responsible individual or group for this incident,” Privacy Commissioner John Henry D. Naga said.

The separate meetings were attended by Executive Director Bartolome Sinoruz, Jr., Director James Jimenez, and Director Jeanni Flororita from COMELEC; and Samaniego, MB Publisher Herminio Coloma, Jr., MB Vice President-Administration Department Brig. Gen. Reynaldo Rafal.