INEC Investigates Alleged Unauthorized Access to Voter Registration Database
The Independent National Electoral Commission (INEC) has commenced an investigation into allegations of unauthorized access to its Continuous Voter Registration (CVR) database following reports circulating on social media and in sections of the media.
The reports alleged that information relating to a candidate who participated in a recent political party primary election in the Federal Capital Territory (FCT) was improperly accessed and published.
In a statement issued by the National Commissioner and Chairman of the Information and Voter Education Committee, Mohammed Kudu Haruna, the Commission said it takes the allegation seriously and has launched a comprehensive investigation to establish the facts surrounding the incident.
INEC explained that, as part of the ongoing nationwide Continuous Voter Registration exercise, authorised Registration Officers were granted controlled access to specific components of the CVR system to enable them carry out official duties such as registering new voters, processing transfer requests and updating voter records.
According to the Commission, such access is strictly limited to official functions and is withdrawn at the conclusion of the exercise.
The Commission disclosed that preliminary findings from its audit trail have enabled investigators to identify the user account through which the information was accessed.
It added that relevant personnel connected to the account have been questioned, while all departments associated with the matter are cooperating with the ongoing investigation.
INEC said it is examining all technical, administrative and operational aspects of the incident to determine responsibility, establish how the credentials were used and identify any possible breach of internal access-control procedures.
However, the Commission stressed that initial findings indicate there was no external breach of the CVR database, no hacking incident and no unauthorized access to its ICT infrastructure from outside the organisation.
According to INEC, the information was accessed using valid credentials assigned to personnel participating in the ongoing voter registration exercise, but was subsequently released without authorization.
The Commission emphasized that the incident involved the retrieval of a specific voter record and does not suggest any compromise of the broader voter registration system or the personal information of more than 90 million registered voters nationwide.
INEC reaffirmed its commitment to protecting the security, confidentiality and integrity of voter data, assuring Nigerians that safeguarding personal information remains a top priority.
The Commission also revealed that the Department of State Services (DSS) has independently commenced an investigation into the matter.
INEC pledged full cooperation with security agencies and stated that anyone found culpable would face appropriate disciplinary and legal action.
The Commission urged members of the public and the media to disregard speculation and allow the investigations to run their course, assuring that its final findings and any actions taken would be made public in due course.
INEC Investigates Alleged Unauthorized Access to Voter Registration Database