Categories: Security

Hackers Expose Philippines Voter Database

A breach of the Philippines’ Commission on Elections (Comelec) affecting about 55 million people could be the largest hack of government-held data ever, according to security specialists.

Government representatives have downplayed the seriousness of the breach, which took place late last month, but IT security firm Trend Micro said its analysis of the exposed data found that it included sensitive information such as passport numbers and fingerprint records.

“Every registered voter in the Philippines is now susceptible to fraud and other risks,” Trend said in an advisory. “With 55 million registered voters in the Philippines, this leak may turn out as the biggest government related data breach in history.”

Comelec’s website was defaced on 27 March by the Philippines branch of the Anonymous hacker group, which left a message accusing the government of poor security ahead of upcoming elections on 9 May.

Later on the same day a different but linked group, LulzSec Pilipinas, posted an online link to what it claimed was Comelec’s entire database, a 338 GB file containing 75.3 million individual entries. Just over 54 million of those entries would seem to correspond to the Philippines’ 54.36 million registered voters, according to Trend.

The database includes 1.3 million records for overseas Filipino voters, listing their passport numbers and expiry dates, in an easily searchable plain-text format, Trend said.

“Interestingly, we also found a whopping 15.8 million record of fingerprints and a list of people running for office since the 2010 elections,” the company stated.

Vote fraud fears

The Philipines uses an automated voting system, and the hacker groups both said their actions were intended to call the security around that system into question.

Comelec has said the voting system uses a separate system that’s better protected than the hacked site.

“We will be using a different website for the election, especially for results reporting and that one we are protecting very well,” a Comelec spokesman said at the time of the hack.

The breached Comelec database affects more people than a leaked database on more than 49 million Turkish voters exposed last week, but the Turkish database contains more sensitive information – detailed records, including parents’ names and addresses, on every person listed.

Last year a breach of the US government’s Office of Personnel Management (OPM) leaked information including fingerprints and social security numbers on 20 million current and former government employees.

Are you a security pro? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Ericsson To Cut 1,200 Jobs in Sweden Amid ‘Challenging’ Market

Swedish telecoms giant Ericsson blamed “challenging mobile networks market” and “further volume contraction” for job…

16 hours ago

FTX’s Sam Bankman-Fried Sentenced To 25 Years In Prison For $8bn Fraud

Dramatic downfall. Sam Bankman-Fried sentenced to 25 years in prison for masterminding $8bn fraud that…

17 hours ago

Elon Musk Orders FSD Demo For Every Tesla US Sale

Fallout avoidance? Tesla buyers in the US must be shown how to use the FSD…

18 hours ago

Amazon Pumps Another $2.75 Billion Into Anthropic

Amazon completes its $4bn investment into AI firm Anthropic, after providing an additional $2.75bn in…

20 hours ago

The Sustainability of AI

While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…

23 hours ago

Trump’s Truth Social Makes Successful Market Debut

Shares in Donald Trump’s social media company rose about 16 percent after first day of…

23 hours ago