According to a Manila Bulletin (MB) Technews team report, a group of hackers has allegedly hacked and downloaded more than 60GB of data from the servers of the Commission on Elections (Comelec) that may affect the May 2022 elections. This comes after a source contacted the MB Technews team last January 8, 2022.
Among the data that was downloaded include usernames, PINS of vote-counting machines (VCM), Network Diagrams, IP addresses, list of all privileged users, domain admin credentials, list of all passwords and domain policies, access to the ballot handling dashboard, and QR code captures of the bureau of canvassers with login and password.
The MB Technews team reached out to Comelec spokesperson James Jimenez and reported the said alleged data breach to the Comelec Steering Committee. Although, in a call between the MB Technews team and Jimenez on January 10, 2022, Jimenez said he has yet to receive a reply from the Committee.
“Sensitive data downloaded also included a list of overseas absentee voters, location of all voting precincts with details of board of canvassers, all configuration list of the database, and list of all user accounts of Comelec personnel,” said MB Technews.
Comelec later questioned the accuracy of the report of the data breach. Jimenez addressed the members of the media saying that the report “offers scant substantiation for its assertions.”
“The Comelec is presently validating the allegations of the article published by the Manila Bulletin, specifically whether Comelec systems have, in fact, been compromised,” added Jimenez.
The spokesperson also said that the information that was breached does not exist yet because the said files are yet to be completed.
“This calls into question the veracity of the hacking claim. As for the rest of the allegations made, please note that the article offers scant substantiation for its assertions despite claiming that the authors had ‘verified that there was an ongoing hack,” said Jimenez.
The official noted that MB Technews report did not even list proof of such verification and then assured the public of the Comelec’s “full and scrupulous compliance with the Data Privacy Act, as well as its continuing cooperation with the National Privacy Commission.”
Jimenez added, “Considering that ‘news’ like this could potentially damage the credibility of the elections, the Comelec stands ready to pursue all available remedies against those who, either deliberately or otherwise, undermine the integrity of the electoral process,” as a warning.
He also extended an invitation to the authors of the report to shed light on the alleged data breach.