A cyber-attack on the website of the Philippines Commission on Elections (Comelec) has resulted in personally identifiable information (PII) of roughly 55 million people being leaked online. While there are no exact details on the number of affected people, it appears that hackers managed to grab the entire voter database, which includes information on the 54.36 million registered voters for the 2016 elections in the Philippines. Information on voters abroad also leaked, along with other sensitive data. Should the data in this leak prove genuine, it would make the breach one of the largest so far this year, on par with the recent hack of a database apparently containing details of almost 50 million Turkish citizens, which determined Turkey’s authorities to launch a probe into the incident. It would also be the largest breach after the Office of Personnel Management attack last year.
As the Philippines prepares for the upcoming national elections on May 9, Comelec has been pushed for increased transparency, and the security of their Automated Voting System (AVS) has been questioned. The breach also reveals that the commission doesn’t employ all of the necessary security measures to keep its systems safe.
The data leak incident began on Sunday, March 27, when Anonymous Philippines hacked and defaced the Comelec website. The hacking group was reportedly looking to encourage the commission to implement the security features of vote-counting machines (VCMs), also known as precinct count optical scan (PCOS) machines.
Soon after, a second group of hackers, which call themselves LulzSec Pilipinas, said that they too breached the Commission’s systems, and that they managed to grab the entire database. The group posted links to index of files that could be downloaded, including a massive comweb.sql.qz archive, which Anonymous Philippines was able to access as well.