The Philippines’ Commission on Elections (COMELEC) said Monday it was investigating an allegation its server was “hacked” after the Manila Bulletin published an article making the claim earlier that same day, Yahoo News Philippines reported.
“The COMELEC is presently validating the allegations of the article published by the Manila Bulletin, specifically whether COMELEC systems have, in fact, been compromised,” the commission’s spokesman, James Jimenez, wrote in a statement issued on January 10.
COMELEC enforces all laws and regulations related to Philippine elections. The Philippines is scheduled to hold a general election on May 9 for executive and legislative branches of the country’s government. The Manila Bulletin, the Philippines’ second-oldest newspaper, published an article on January 10 claiming COMELEC’s server was hacked on January 8 in a security breach that “compromised sensitive voter information,” adding the alleged hacking “could possibly affect the May 2022 elections.”
Manila Bulletin‘s “Technews” team said it received a tip from an unidentified person on Saturday who claimed a group of cyber hackers successfully breached COMELEC’s server on January 8, downloading “more than 60 gigabytes of data” including files containing “usernames and PINS of vote-counting machines.”
The newspaper’s tech team said the alleged cyberattack further compromised other files such as “network diagrams, IP addresses, list of all privileged users, domain admin credentials, list of all passwords and domain policies, access to the ballot handling dashboard, and QR code captures of the bureau of canvassers with login and password [sic].”
“Sensitive data downloaded also included list of overseas absentee voters, location of all voting precincts with details of board of canvassers, all configuration list of the database, and list of all user accounts of Comelec personnel [sic],” the Manila Bulletin wrote.
COMELEC spokesman Jimenez challenged the newspaper’s specific claim it had “verified” the alleged hacking incident in a press release issued January 10.
“With no independent verification that a hack has indeed taken place, one thing immediately stands out: the article alleged that the hackers were able to ‘download files that included, among others, usernames and PINs of vote-counting machines (VCM),'” Jimenez wrote.
“Such information still does not exist in COMELEC systems simply because the configuration files — which includes usernames and PINs — have not yet been completed,” he revealed.
“Please note that the article offers scant substantiation for its assertions despite claiming that the authors had ‘verified that there was an ongoing hack,'” the COMELEC mouthpiece added.
“Indeed, the article does not even offer proof of such verification,” Jimenez observed.
COMELEC’s spokesman urged the authors of the Manila Bulletin article in question to provide evidence for their assertions while assuring the Philippine public of its “full and scrupulous compliance” with the Philippine Data Privacy Act.