The Independent National Electoral Commission (INEC) has disclosed that it has identified the user account linked to the unauthorised access and disclosure of information from its Continuous Voter Registration (CVR) database, while ruling out claims that its system was hacked or externally breached.
In a statement issued by the National Commissioner and Chairman of the Information and Voter Education Committee (IVEC), Mohammed Kudu Haruna, the Commission said it had launched a comprehensive investigation following allegations circulating on social media and in sections of the media regarding the publication of information relating to a candidate who participated in a recent political party primary election in the Federal Capital Territory (FCT).
INEC stated that preliminary findings from its audit trail showed that the information was accessed through valid credentials assigned to personnel engaged in the ongoing nationwide CVR exercise and not through any external cyberattack.
According to the Commission, authorised Registration Officers were granted controlled access to specific components of the CVR system to facilitate voter registration, transfer requests and updates to voter records. Such access, it noted, is strictly limited to official duties and is withdrawn at the conclusion of the exercise.
The Commission revealed that its preliminary investigation had successfully traced the access to a specific user account, leading to the questioning of relevant personnel. It added that all units connected to the incident are cooperating fully with investigators.
INEC said it is examining all technical, administrative and operational aspects of the incident to determine individual responsibility, establish the circumstances surrounding the use of the credentials and identify any violations of internal access-control protocols.
“Preliminary findings from the Commission’s audit trail so far indicate that there was no external breach of the CVR database, no hacking incident and no unauthorised external access to the Commission’s ICT infrastructure,” the statement said.
The electoral body stressed that the incident involved the retrieval of a specific voter record and did not suggest any compromise of the broader voter registration infrastructure or the personal data of more than 90 million registered voters.
Reaffirming its commitment to data security and voter privacy, INEC said it takes the confidentiality, integrity and protection of voter information with the utmost seriousness and remains committed to transparency and institutional accountability.
The Commission also disclosed that the Department of State Services (DSS) has independently commenced an investigation into the matter and assured the public of its full cooperation with security agencies.
INEC warned that anyone found culpable would face appropriate legal action and urged members of the public and the media to disregard speculation while investigations continue.
The Commission pledged to keep Nigerians informed of the outcome of the investigations and any measures taken in response to the incident.
Facebook Comments
GIPHY App Key not set. Please check settings