A massive data breach has exposed 55 million Philippine voters to potential fraud and other risks after the entire database of the Commission on Elections (Comelec) was hacked and leaked.
A group called Anonymous Philippines originally hacked and defaced the Comelec website March 27, calling on the government to ensure more security for voting machines to be used in the upcoming May 9 national elections.
Later that same day, a group called LulzSec Pilipinas posted the entire database online.
According to Trend Micro, an information technology security company, the data leak included fingerprints of more than 15.8 million voters, as well as passport numbers and expiration dates of 1.3 million voters residing overseas.
The company claims in its blogpost on the incident that "this leak may turn out as the biggest government-related data breach in history, surpassing the Office of Personnel Management [OPM] hack last 2015 that leaked PII [personally identifiable information], including fingerprints and social security numbers of 20 million US citizens."
It also exceeds the record-breaking hack of the Turkish citizenship database, which left 49 million people vulnerable to cybercrime and identity theft last week.
A Comelec spokesperson reassured the public in March, stating "the database in our website is accessible to the public. There is no sensitive information there. We will be using a different website for the election, especially for results reporting, and that one we are protecting very well."
But Trend Micro claims Comelec's initial response to the hack in late-March drastically downplayed its potential effects.
Anonymous Philippines posted on the Comelec website: "But what happens when the electoral process is mired with questions and controversies? Can the government still guarantee that the sovereignty of the people is upheld?"