INEC, DSS Investigate Alleged Unauthorized Access to Voter Database

The Independent National Electoral Commission (INEC) and the Department of State Services (DSS) have commenced separate investigations into allegations of unauthorized access to the Commission’s Continuous Voter Registration (CVR) database.

The probe follows claims that information relating to a candidate in a recent political party primary election in the Federal Capital Territory (FCT) was retrieved from the database and subsequently made public without authorization.

INEC said the investigations were prompted by reports circulating on social media and in sections of the media alleging improper access to voter registration records.

In a statement issued on Tuesday, the National Commissioner and Chairman of the Information and Voter Education Committee, Mohammed Kudu Haruna, said the Commission was treating the allegation with utmost seriousness and had immediately launched a thorough investigation to establish the facts surrounding the incident.

The electoral body, however, said preliminary findings from its audit trail showed there was no external breach of the CVR database, no hacking incident and no unauthorized external access to its Information and Communication Technology (ICT) infrastructure.

According to INEC, the information in question was accessed through valid user credentials assigned to personnel participating in the ongoing Continuous Voter Registration exercise but was released without authorization.

The Commission explained that authorized Registration Officers are granted controlled access to specific components of the CVR system to enable them register new applicants, process transfer requests and update voter records where necessary.

It noted that such access is strictly restricted to official duties and is withdrawn at the end of the registration exercise.

INEC disclosed that its preliminary investigation had enabled it to identify the user account through which the information was accessed.

It added that relevant personnel connected to the account had been questioned, while all units linked to the incident were cooperating fully with investigators.

The Commission said it was also reviewing all technical, administrative and operational factors related to the matter to determine individual responsibility and establish whether there was any violation of its internal access-control protocols.

“The information in question was accessed through valid user credentials assigned to personnel participating in the ongoing CVR exercise but released without authority,” the Commission stated.

INEC stressed that the incident under investigation involved the retrieval of a specific voter record and did not indicate any compromise of its wider voter registration infrastructure or the personal data of more than 90 million registered voters across the country.

It reiterated its commitment to protecting voter information and maintaining the integrity of its electoral systems.

“The Commission wishes to state categorically that it takes the security, confidentiality and integrity of voter data with the utmost seriousness and remains committed to transparency, institutional integrity and the protection of voters’ personal information,” the statement added.

The Commission further disclosed that the DSS had, on its own accord, initiated an independent investigation into the matter.

It assured that it would continue to cooperate fully with all relevant security agencies and would not hesitate to refer anyone found culpable for appropriate legal action.

INEC also urged members of the public and the media to disregard what it described as unfounded speculation while investigations remain ongoing.

The Commission pledged to keep Nigerians informed of the outcome of the investigations and any measures taken in response to the incident.