Every one of the Philippines’ 55m voters could be in danger of fraud

11 Apr 2016

In what could be the biggest government data leak in history 55m people in the Philippines are at the mercy of fraudsters

The details of more than 55m Filipinos are in danger of being rifled by hackers after a electoral database belonging to the Philippines’ Commission on Elections was exposed in what could be the largest-ever hacking of a government site in history.

The exposed data contains extremely sensitive data, including the fingerprints of 15.8m individuals, a well as their passport numbers.

According to Trend Micro, every registered voter in the Philippines is now susceptible to fraud and other risks as a result of the leaking of the entire database of the Philippines Commission on Elections (COMELEC).

It is understood that following the defacement of the COMELEC website on March 27 by a hacker group, a second hacker group posted COMELEC’s entire database online.

The leak may turn out to be the biggest government-related data breach in history, surpassing the Office of Personnel Management hack in the US that leaked the fingerprints and social security numbers of 20m US citizens.

Election tensions

Elections in the Philippines are already quite tense affairs.

It is understood that the first hacker group gave a stern warning for COMELEC to implement the security features of the vote-counting machines.

However, the actions of the second hacker group have exposed COMELEC’s weaknesses in terms of network and data security.

The data dumps include 1.3 million records of overseas Filipino voters, which included passport numbers and expiry dates, as well as 15.8m records of fingerprints and a list of people running for office.

According to Trend Micro, the 55m registered voters are in a precarious position.

“Cyber-criminals can choose from a wide range of activities to use the information gathered from the data breach to perform acts of extortion,” Trend Micro said.

“In previous cases of data breach, stolen data has been used to access bank accounts, gather further information about specific persons, used as leverage for spear phishing emails or BEC schemes, blackmail or extortion, and much more.

Manilla image via Shutterstock

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years

editorial@siliconrepublic.com