A digital protection service provider claimed on Wednesday that some 55 million people who will be casting their votes this coming election now risk identity theft due to the data leaked from the recent hacking of the Commission on Elections (Comelec) website.
The recent defacement of the Comelec site by Anonymous Philippines spurred fear among voters regarding the security of the coming elections. However, Comelec spokesperson James Jimenez assured the public that the automated system to be used in this year’s election is secure, since it runs independently of the website.
Nevertheless, Trend Micro said in a blog post that the incident leaked a massive cache of data from the Comelec’s databases—including voters' personal information.
“Our research showed that massive records of personal identifiable information, including fingerprints data were leaked. Included in the data Comelec deemed public was a list of Comelec officials that have admin accounts,” Trend Micro said.
The company said that the leaked data included 1.3 million records of overseas Filipino voters with passport numbers and expiry dates.
“What is alarming is that this crucial data is just in plain text and accessible for everyone,” they said.
Trend Micro's investigation also found that 15.8 million fingerprint records and lists of people running for office since the 2010 elections had been leaked.
Data on candidates with the filename VOTESOBTAINED were also leaked, with Trend Micro surmising that the file likely reflects the number of votes obtained by each candidate.
Despite the Comelec's assurances, Trend Micro believes all is not safe.
“Regardless whether the hacking could affect the elections, there is still the issue of all voter information that was leaked... there were some fields that were left wide open,” the comany said.
Trend Micro warned that cybercriminals might use the information gathered from the breach to perform acts of extortion. — Kiersnerr Gerwin Tacadena/TJD, GMA News