Mega Breach in The Philippines

55 million voters, 55 million citizens now susceptible to fraud and identity theft after a massive data breach that leaked the entire database of the Philippines’s Commission on Elections (COMELEC). With 55 million voters in the Philippine’s, this could go down as the largest government related data breach in history.

The data dump comes just weeks before the May 9 election and right after a warning from Anonymous Philippines.  On March 27, the infamous hacktivist group warned COMELEC to tighten up their security on vote-counting machines, hacking into their website and posting the notice on the main page. While the actual breach appears to have come from Anonymous, it was a second hacking group, LulzSec Pilipinas, who actually posted the data dump online.

[i] Image retrieved from Pinoy Tech Blog

Officials from COMELEC are downplaying the significance of the breach, stating that no sensitive information or information of importance was taken. COMELEC spokesperson James Jimene was quoted saying, “I wanted to emphasis that the database in our website is accessible to the public. There is no sensitive information there. We will be using a different website for the election, especially for results reporting and that one we are protecting very well.”

According to Trend Micro, that statement just isn’t true; not only is the information sensitive, it’s sitting open in plain text. “Based on our investigation, the data dumps include 1.3 million records of overseas Filipino voters, which included passport numbers and expiry dates. What is alarming, is that this crucial data is just in plain text and accessible for everyone. Interestingly, we also found a whopping 15.8 million record of fingerprints and a list of peoples running for office since the 2010 elections.”

Whether the hacking will affect the elections or not is a serious matter, but there is also still the great potential for misuse of all of the leaked voters’ information. This information is now at the mercy of cybercriminals who have a wide variety of extortion/blackmail attacks they can use with this data. Stolen data can be used to influence phishing attacks, give access to bank accounts and ultimately could lead to identity theft.

Connect with Secure Sense to protect data, your network, and systems 24/7, 365 days a year. If you have questions or want to learn more, please contact Secure Sense by calling 866-999-7506.

You can find Secure Sense on Facebook,  LinkedIn and Twitter. Follow us for current company and industry news.


[i] To read more about the Anonymous hack, read here: