Filtered By: Topstories
News

Privacy Commission probing alleged Comelec data leak, received report back in January 8


The National Privacy Commission (NPC) is investigating the reported Commission on Elections (Comelec) data hacking, saying the poll body should also probe the incident and submit the result of its investigation to the NPC by January 21.

The NPC issued the statement two days after the Manila Bulletin published a report which claimed that upon its verification, Comelec data — network diagrams, IP addresses, list of all privileged users, domain admin credentials, among others — were hacked. 

The Comelec has said that it is still validating the alleged hacking of poll data and has questioned the report's veracity by arguing that there is nothing to hack since such data is not yet available. 

"The NPC’s Complaints and Investigation Division commenced its own independent investigation and issued a notice to Comelec requiring them to explain the alleged hacking and data breach. The Comelec must address the serious allegations made in the Manila Bulletin news report and determine whether personal data were indeed compromised, particularly personal information, sensitive personal information, or data affecting the same, which were processed in connection with the upcoming 2022 national and local elections," NPC Commissioner John Naga said.

"Comelec is also directed to conduct a comprehensive investigation on the matter and submit to the NPC the results thereof no later than January 21, 2022," Naga added.

Naga also disclosed that back in January 8, the NPC already received information from Mr. Art Samaniego, Technology Editor & IT Head of the Manila Bulletin, regarding a suspected breach on Comelec servers where an estimated 60 gigabytes of data, which possibly contain personal information and sensitive personal information, were allegedly accessed and downloaded by a certain group of hackers.

"The NPC has issued separate orders to the  Comelec, Mr. Art Samaniego Jr., and Manila Bulletin to appear for a clarificatory meeting via teleconference on January 25, 2022 on the alleged hacking and data breach incident involving the Comelec servers," Naga pointed out.

"Rest assured that the NPC does not tolerate any act in violation of the Data Privacy Act including negligence in implementing organizational, physical, and technical security measures on personal data processing systems, whether in government or private institutions," he added. — RSJ, GMA News