Comelec data breach alleged, worried officials open probe

By Claire Morales True, Managing Editor

MANILA – The Commission on Elections maybe facing data breach and hacking of election data which could affect the results of the May 9 2022 elections raising concerns from Malacañang and Congress leaders, including the presidential, vice presidential and senatorial aspirants.

While the Comelec initially denied the report to be a “fake news,” government authorities and Congress have started looking into the alleged hacking and data breach by an unknown group as reported by a Manila Bulletin tech expert and editor.

Worried officials of the National Privacy Commission (NPC) has summoned representatives from the Commission on Elections (Comelec) and news outlet Manila Bulletin (MB) following a report of alleged hacking and data breach involving the poll body’s servers.

The National Bureau of Investigation has also conducted its investigation and initial results showed there was no hacking, said Comele Commissioner Rowen Guanzon adding, “Our servers were not hacked. Fake news.”

Guanzon made the tweet after officials and agents from the National Bureau of Investigation (NBI) conducted a site inspection of the Comelec’s warehouse in Sta. Rosa, Laguna.

NBI Director Eric Distor denied that hacking took place in the Comelec’s warehouse where the vote counting machines (VCMs) are stored.

Distor said they checked the configuration and testing areas, and “we are convinced walang nangyaring hacking dito.”

But a more thorough investigation would still be conducted by the NBI’s Cybercrime Division (CCD) National Capital Region, and their Special Project Team, said Justice Secretary Menardo Guevarra who supervises the operations of the NBI.

In a statement, Privacy Commissioner John Henry Naga said separate orders were sent to the Comelec and MB technology editor and IT head Art Samaniego Jr., to appear for a clarificatory meeting via teleconference on January 25.

The Senate and the  House of Representatives, on the other hand, plan to hold a public hearing on the matter.

“We will await any update to be pronounced by Comelec regarding this. Siyempre, nababahala rin kami, (Of course we are also concerned), obviously we’re also worried about this kung totoo man ito (if this is true),” Acting presidential spokesperson, Cabinet secretary Karlo Nograles, said in a Palace press briefing.

Nograles said the Palace will wait for the Comelec to release an official statement regarding the alleged breach of the servers.

On Monday, the Manila Bulletin reported that hackers were allegedly able to download “more than 60 gigabytes of data that could possibly affect the May 2022 elections” on January 8.

The hackers managed to download files that included, among others, usernames and PINS of vote-counting machines (VCM).

Comelec spokesperson James Jimenez said it is impossible for hackers to download usernames and PINs of VCM because “such information still does not exist in Comelec systems simply because the configuration files—which includes usernames and PINs—have not yet been completed.”

He questioned the accuracy of the report, noting that that it “offers scant substantiation for its assertions.”

Jimenez, likewise, noted that the Manila Bulletin report did not even list proof of such verification and Manila Bulletin’s Samaniego admitted the same.

However, he said the Comelec is validating the alleged data breach.

He also assured the public of its “full and scrupulous compliance with the Data Privacy Act, as well as its continuing cooperation with the National Privacy Commission.”