INEC Investigates Alleged Unauthorized Access to Voter Registration Database, Denies Hacking Claims
Oru Leonard
The Independent National Electoral Commission (INEC), has launched an investigation into allegations of unauthorized access to its Continuous Voter Registration (CVR) database following the circulation of information relating to a candidate who participated in a recent political party primary election in the Federal Capital Territory (FCT).
In a statement issued on Tuesday by the National Commissioner and Chairman of the Information and Voter Education Committee, Mohammed Kudu Haruna, the Commission said it was treating the matter with utmost seriousness and had commenced a comprehensive probe to determine the circumstances surrounding the incident.
INEC explained that as part of the ongoing nationwide CVR exercise, authorized registration officers were granted restricted access to certain components of the registration system strictly for official duties such as registering new voters, processing transfers and updating voter records.
According to the Commission, preliminary findings from its audit trail have enabled investigators to identify the user account through which the information was accessed.
“The audit trail from the preliminary investigation has enabled the Commission to identify the user account through which the information was accessed. Accordingly, relevant personnel have been questioned, and all units connected with the incident are cooperating fully with the investigation,” the statement said.
The electoral body disclosed that it is examining all technical, administrative and operational aspects of the case to determine individual responsibility and establish whether there was any breach of internal access-control protocols.
However, INEC stressed that its preliminary findings showed there was no external breach of the CVR database, no hacking incident and no unauthorized external access to its information and communications technology infrastructure.
Rather, the Commission said the information was accessed using valid credentials assigned to personnel participating in the ongoing voter registration exercise but was subsequently disclosed without authorization.
INEC further clarified that the incident involved the retrieval of a specific voter record and did not compromise the broader voter registration system or the personal data of more than 90 million registered voters nationwide.
“The incident under investigation relates to the retrieval of a specific voter record and does not indicate any compromise of the Commission’s broader voter registration infrastructure or the personal data of over 90 million registered voters,” the statement noted.
Reaffirming its commitment to data protection, the Commission said it remains dedicated to safeguarding the security, confidentiality and integrity of voter information while maintaining transparency and institutional accountability.
INEC also revealed that the Department of State Services (DSS) has independently commenced an investigation into the matter. The Commission pledged full cooperation with security agencies and vowed to pursue legal action against anyone found culpable.
The Commission urged members of the public and the media to disregard speculation and allow investigations to run their course, assuring Nigerians that its final findings and any actions taken would be made public in due course.
