At the end of March , hackers broke into the database for the Philippine Commission on Elections in whatInfoSecurity Magazine is calling“what could place as the worst ever government data point gap anywhere . ”
The hack came in a dyad of parting : an initial event that defaced the website , while a 2nd group was capable to take out the database and free it to the internet . The scale of the attack is even with child than that of the Office of Personnel Management breach in 2015 , and leak sensitive data such as fingerprints and passport information .
Shortly after the breach on March 27th , the Philippine Commission on Elections ( COMELEC ) reported that it was only the website that had been hack , not their database , and that most of the information that had been leak waspublic anyway :
[ Comelec spokesman James Jimenez ] said the hacking affected the precinct finder , television demonstration and the search mathematical function of the website .
“ The website ’s interface changed . But for the most part , the database are intact . As a standard procedure with any encroachment , we are assume the time to make certain that we remove all the malware codes that were get across , ” Jimenez say .
…
“ The Comelec web site has been available to the world so if there are people who want to cut up it , they have the opportunities to take its security features . We do not give high level of security in the website , even the precinct finder function , we have back up so it is protected , ” he say .
However , in an investigating resign in the first place this week , TrendMicro discovered that the personal information of upwards of 55 million registered voters was compromised :
Based on our investigating , the data dumps include 1.3 million records of overseas Filipino elector , which included passport numbers and death dates . What is alarming is that this crucial data is just in plain text and accessible to everyone . Interestingly , we also set up a whopping 15.8 million record book of fingerprints and a tilt of hoi polloi take to the woods for office since the 2010 elections .
In addition , among the data leak were file on all candidates extend on the election with the filename VOTESOBTAINED . Based on the computer file name , it reflects the telephone number of voter turnout hold by the candidate . Currently , all VOTESOBTAINED file are set to have NULL as figure .
The entire database of55 million voters was access , but it ’s not light if all of those individuals were affected . If they were , it could be one of the big information breaches to engagement .
The first group warned COMELEC about vulnerabilities in their organisation , particularly in the Automatic Voting Machines that will be used in the upcoming national elections on May 9th .
While this personal information might not straightaway affect the upcoming election , it does potentially pass on one thousand thousand of individuals who could be targeted by criminals with the info in hand .
COMELEC has n’t announced any response to the breach , and how they will go moving frontwards is undecipherable . We ’ve reached out to their offices and will update if they react to our interrogation .
[ TrendMicro , InfoSecurity Magazine , PhilStar ]
Cyber Security
Daily Newsletter
Get the best technical school , science , and culture news in your inbox daily .
News from the futurity , delivered to your present tense .
You May Also Like
