DICT cybersecurity bureau to investigate reported hacking of Comelec data

The Department of Information and Communications Technology (DICT) will be conducting its own investigation into the alleged hacking incident on the Commission on Elections’ (Comelec) data.

Acting Secretary Emmanuel Rey Caintic has ordered the department’s Cybersecurity Bureau to conduct its own investigation on the reported hacking on the poll body’s data.

The order was based on the January 10, 2022 published report by the Manila Bulletin that indicated hackers allegedly gained access to the Comelec’s servers and allegedly stole crucial files including usernames and personal identification numbers of vote-counting machines (VCMs), according to the DICT.

The Manila Bulletin Tech News team reported that 60 gigabytes of data was illegally acquired from the servers, it added.

“While the report has been denied by the Comelec through spokesperson James Jimenez, it is in the interest of the citizenry and of the country to feel secure in the electoral process. This is why I have tasked the DICT’s Cybersecurity Bureau to immediately and independently investigate these allegations,” Caintic said.

“If indeed information has been stolen, there is still time to make the necessary changes and precautions to ensure a fair, honest, and efficient election,” he added.

The Comelec has said that it was validating the alleged hacking of poll data and has questioned the report's veracity by arguing that there is nothing to hack since such data is not yet available.

For his part, DICT Cybersecurity Bureau Director Jose Carlos Reyes said that his team is already in close coordination with the polls body.

“The National Computer Emergency Response Team of the Cybersecurity Bureau has been coordinating and assisting the Comelec Information Technology Department Director Jeannie V. Flororita on this matter,” Reyes said.

The National Privacy Commission (NPC) is also investigating the reported data hacking incident , saying the poll body should also probe the incident and submit the result of its investigation to the NPC by January 21.

The NPC issued orders for the appearance of the concerned parties— Comelec, Manila Bulletin, and Art Samaniego Jr., Technology editor and IT head of the Manila Bulletin —in a clarificatory meeting on January 25, 2022.

“The upcoming elections have highlighted the need to tighten measures in protecting the information gathered from our stakeholders and preventing its use outside the intended purpose. Rest assured, the DICT Cybersecurity Bureau will support the Comelec to ensure that the integrity of the elections is not compromised by any attempt of data breach,” DICT Assistant Secretary for Cybersecurity Atty. Kristoffer Tiansay said. —NB, GMA News