Prof. Joash Amupitan, INEC Chairman
By Emmanuel Oloniruha
The Independent National Electoral Commission (INEC) has begun an investigation into allegations of unauthorised access and disclosure of information from its Continuous Voter Registration (CVR) database.
The commission disclosed this in a statement issued by Mohammed Haruna, National Commissioner and Chairman of the Information and Voter Education Committee (IVEC), on Tuesday in Abuja.
The News Agency of Nigeria (NAN) reports that the probe follows social media reports claiming that the voter data of a candidate in the recent Federal Capital Territory (FCT) political party primaries was leaked, using official access credentials.
Haruna said that while INEC’s preliminary findings showed no evidence of an external cyber-attack, the commission took the allegation seriously and had immediately commenced a thorough investigation to establish the facts surrounding the incident.
He explained that as part of the ongoing CVR exercise nationwide, authorised INEC Registration Officers were granted controlled access to specific components of the CVR system.
This, according to him, is to enable them register new applicants, process requests for transfer of registration and update voter records, where necessary.
He added that such access was restricted to official duties only and withdrawn at the conclusion of the exercise.
Haruna, however, said that the audit trail from the preliminary investigation had enabled the commission to identify the user-account through which the information was accessed.
“Accordingly, relevant personnel have been questioned, and all units connected with the incident are cooperating fully with the investigation.
“The commission is also examining all technical, administrative and operational factors associated with the matter in order to establish individual responsibility,’’ he said.
Haruna added that the investigation was to determine the circumstances surrounding the use of those credentials and identify any breach of internal access-control protocols before taking appropriate action against anyone involved.
“Preliminary findings from the commission’s audit trail so far, however, indicate that there was no external breach of the CVR database, no hacking incident, and no unauthorised external access to the commission’s ICT infrastructure.
“Rather, the information in question was accessed through valid user credentials assigned to personnel participating in the ongoing CVR exercise but released without authority,’’ he said.
Haruna said that the incident under investigation related to the retrieval of a specific voter record.
He added that it did not also indicate any compromise of the commission’s broader voter registration infrastructure or the personal data of more than 90 million registered voters.
“The commission wishes to state categorically that it takes the security, confidentiality and integrity of voter data with the utmost seriousness and remains committed to transparency, institutional integrity and the protection of voters’ personal information,’’ he said.
Haruna added that the Department of State Services (DSS), on its own accord, had also commenced an independent investigation into the matter.
He said that INEC would continue to cooperate fully with all relevant security agencies and would not hesitate to refer any person found culpable for appropriate legal action.
Haruna urged on members of the public and the media to disregard unfounded speculations while investigations were ongoing.
He said that INEC would continue to keep the public informed of its final findings and any measure taken in response to the incident in due course.(NAN)
