Key points
- INEC has launched an investigation into the alleged unauthorised disclosure of information from its Continuous Voter Registration (CVR) database.
- Preliminary findings indicate there was no hacking or external breach of the commission’s ICT infrastructure.
- The DSS has commenced a separate investigation, while INEC vows to prosecute anyone found culpable.
Main story
The Independent National Electoral Commission (INEC) has commenced an investigation into allegations of unauthorised access to its Continuous Voter Registration (CVR) database following the circulation of information relating to a candidate who participated in a recent political party primary election in the Federal Capital Territory.
In a statement issued on Tuesday by the National Commissioner and Chairman of the Information and Voter Education Committee, Mohammed Kudu Haruna, the commission said it was treating the matter with utmost seriousness and had already initiated a thorough inquiry to establish the circumstances surrounding the incident.
According to INEC, authorised Registration Officers participating in the ongoing nationwide CVR exercise were granted controlled access to specific sections of the registration system to perform official duties such as registering new voters, processing transfer requests and updating voter records.
The commission explained that such access is strictly limited to official functions and is withdrawn once the registration exercise is concluded.
INEC disclosed that preliminary investigations, aided by its audit trail system, had enabled it to identify the user account through which the information was accessed.
The commission said relevant personnel had been questioned and all departments connected to the matter were fully cooperating with investigators.
“The Commission is examining all technical, administrative and operational factors associated with the matter in order to establish individual responsibility and determine the circumstances surrounding the use of those credentials,” the statement said.
INEC, however, clarified that its preliminary findings showed there was no external breach of the CVR database, no hacking incident and no unauthorised external access to its ICT infrastructure.
Rather, the information was reportedly accessed using valid credentials assigned to personnel engaged in the ongoing voter registration exercise but was subsequently released without authorisation.
The commission stressed that the incident involved the retrieval of a specific voter record and did not suggest any compromise of its broader voter registration infrastructure or the personal data of more than 90 million registered voters.
Reaffirming its commitment to data security, INEC stated that it remained dedicated to safeguarding the confidentiality, integrity and security of voter information.
The commission also revealed that the Department of State Services (DSS) had independently commenced an investigation into the matter.
INEC pledged to cooperate fully with security agencies and vowed to ensure that anyone found responsible would face appropriate legal action.
The electoral body urged members of the public and the media to refrain from speculation while investigations remain ongoing, assuring Nigerians that it would make its final findings public in due course.
The issues
The incident has raised concerns about data privacy, internal access controls and the management of sensitive voter information within Nigeria’s electoral system. While INEC maintains that no cyberattack occurred, the alleged misuse of authorised credentials highlights the risks associated with insider access to critical databases.
What’s being said
INEC insists that the matter does not amount to a breach of its voter registration system and that the personal records of over 90 million registered voters remain secure.
The commission also emphasised that any official found to have violated internal protocols would face disciplinary and legal consequences.
What’s next
Investigations by both INEC and the DSS are ongoing. The commission is expected to release its final findings after completing its review of the technical and administrative circumstances surrounding the incident.
Bottom line
INEC says the alleged data disclosure stemmed from the misuse of authorised access credentials rather than a cyberattack, but investigations are continuing to determine responsibility and ensure accountability.
%20has%20commenced%20an%20investigation%20into%20allegations%20of%20unauthorised%20access%20to%20its%20Continuous%20...){kind=link}