The personal information of more than 50 million Filipinos has been exposed in a breach of the Philippine electoral commission. According to security researchers at Trend Micro, the hack contains a huge amount of very sensitive personal data, including the fingerprints of 15.8 million individuals and passport numbers and expiry dates of 1.3 million overseas voters. The website of the Commission on Elections, Comelec, was initially hacked on March 27, by a group identifying itself as Anonymous Philippines, the local fork of the wider hacker collective. The homepage was defaced with a message accusing Comelec of not doing enough to ensure the security of voting machines used in the country’s upcoming election.
“One of the processes by which people exercise their sovereignty is through voting in an election,” the message read. “But what happens when the electoral process is so mired with questions and controversies? Can the government still guarantee that the sovereignty of the people is upheld?”
The same day, a different but related group, LulzSec Pilipinas, posted an online link to what it claimed was the entire database of Comelec. The 338GB database contains 75.3m individual entries on the electoral register, with 54.28m of them not tagged as disapproved – about the same number as the 54.36 million registered voters in the Philippines.