Comelec validating report of alleged hacking of 60 gigs of data for Eleksyon 2022

The Commission on Elections is validating a newspaper report that hackers downloaded 60 gigabytes of data from its systems—a hack that is said could compromise the integrity of Eleksyon 2022.

In a statement, Comelec spokesman James Jimenez said the authors of the report had been invited  to shed light on their allegations, "particularly with regard to the 'verification' they claim to have carried out."

"Considering that 'news' like this could potentially damage the credibility of the elections, the Comelec stands ready to pursue all available remedies against those who, either deliberately or otherwise, undermine the integrity of the electoral process," Jimenez said.

Jimenez said some of the data which the Manila Bulletin said the hackers had accessed had yet to be encoded into its systems.

These include usernames and personal identification numbers of vote counting machines.

"The Comelec is presently validating the allegations of the article published by the Manila Bulletin, specifically whether Comelec systems have, in fact been compromised," Jimenez said.

"With no independent verification that a hack has indeed taken place, one thing immediately stands out: the article alleges that the hackers were able to 'download files that included, among others, usernames and PINS of vote-counting machines (VCM)'," he added.

"The fact, however, is that such information still does not exist in Comelec systems simply because the configuration files - which includes usernames and PINs - have not yet been completed," Jimenez said.

"This calls into question the veracity of the hacking claim," he added.

The Manila Bulletin said its Technews team found that the hackers breached the Comelec system on Saturday and downloaded usernames and personal identification numbers of vote-counting machines.

The other downloaded files were network diagrams, IP addresses, list of all privileged users, domain admin credentials, list of all passwords and domain policies, access to the ballot handling dashboard, and QR code captures of the bureau of canvassers with login and password.

“Sensitive data downloaded also included list of overseas absentee voters, location of all voting precincts with details of board of canvassers, all configuration list of the database, and list of all user accounts of Comelec personnel,” MBTechnews said.

Jimenez said the report offered little proof of the "ongoing hack."

He said the Comelec assured the public of its "full and scrupulous compliance with the Data Privacy Act, as well as its continuing cooperation with the National Privacy Commission." —NB, GMA News