INEC, DSS probe voter data leak as Atiku raises fears

Former Vice President and presidential candidate Atiku Abubakar has demanded a comprehensive investigation into allegations of voter data leakage from the Independent National Electoral Commission (INEC) database. Abubakar expressed concern that INEC's recent explanation for the incident raised more questions than answers.

INEC confirmed on Tuesday that it had initiated an investigation into claims of unauthorized access to its Continuous Voter Registration (CVR) database and the subsequent disclosure of information pertaining to a candidate in a recent political party primary in the Federal Capital Territory. The commission emphasized the seriousness of the matter and its commitment to a thorough probe.

Independently, the Department of State Services has also launched its own investigation. According to a statement signed by Mohammed Haruna, INEC's National Commissioner and Chairman of the Information and Voter Education Committee, preliminary findings suggest no external breach or hacking of the commission's IT infrastructure. Instead, the information appears to have been accessed using valid user credentials assigned to authorized Registration Officers involved in the CVR exercise.

"Preliminary findings from the commission’s audit trail so far, however, indicate that there was no external breach of the CVR database, no hacking incident, and no unauthorised external access to the commission’s ICT infrastructure," INEC stated. "Rather, the information in question was accessed through valid user credentials assigned to personnel participating in the ongoing CVR exercise but released without authority."

INEC clarified that the incident involved the retrieval of a single voter record and does not indicate a compromise of the broader voter registration system or the personal data of over 90 million registered voters. The commission reiterated its dedication to data protection, confidentiality, and the integrity of voter information.

“

Preliminary findings from the commission’s audit trail so far, however, indicate that there was no external breach of the CVR database, no hacking incident, and no unauthorised external access to the commission’s ICT infrastructure. Rather, the information in question was accessed through valid user credentials assigned to personnel participating in the ongoing CVR exercise but released without authority.