Hacked: Hacking Finance

Is This the Worst Government Data Breach, Ever?


Samburaj Das

Samburaj Das

Samburaj is the contributing editor at Hacked and keeps tabs on science, technology and cyber security.


ChronoPay Looks to Kickstart Bitcoin Adoption in Russia 29th May, 2017

Alleged FBI Hacker Lauri Love Ordered to US Extradition by UK Home Secretary 15th November, 2016


Is This the Worst Government Data Breach, Ever?

Posted on .
This article was posted on Tuesday, 16:51, UTC.

Every single registered voter in the Philippines now his or her personal information exposed in a data breach. The number of registered voters in the country amounts to a staggering 55 million individuals, which ranks the breach as one of the worst governmental data breaches, ever.

// -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- //

The entire database of the Philippine Commission on Elections (COMELEC), containing details of every registered voter in the country has been the target of a massive data breach.

The breach could very well be the largest governmental data breach of its kind, easily dwarfing the Office of Personal Management (OPM) hack in the United States that eventually saw the leak of personal data of some 20 million U.S. citizens.

An investigation by security firm Trend Micro revealed that a data dump subsequently shared by the hacking outfit behind the breach included sensitive, personally identifiable information (PII) such as fingerprint data and passport information.

// -- Become a yearly Platinum Member and save 69 USD and get access to our secret group on Workplace. Click here to change your current membership -- //

Hacktivists’ Warning

The entire episode began when the website of COMELEC was initially defaced by a hacker group, believed to be an offshoot of hacking collective Anonymous. The motivation of the hacking group was to persuade the country’s election commission to upgrade and bolster the security features deployed in the country’s voting machines. These machines will be used for the national elections on May 9.

A statement from Anonymous read:

What happens when the electoral process is so mired in questions and controversies? Can the government still guarantee that the sovereignty of the people will be upheld? We request the implementation of the security features in the PCOS (precinct count optical scan) machines.

Commission on Elections, we are watching! We are Anonymous. We are legion. We do not forgive. We do not forget. Expect us!

The Data Breach

The second hacking outfit, believed to be known as LulzSec Pilipinas, proceeded to breach the commission’s database altogether.

The hacker group dumped the entire database online. The dump was soon available to download via multiple mirror links. In a marked effort to downplay the breach, a spokesperson for COMELEC claimed that no sensitive information was taken as a result of the breach.

The spokesman stated:

There is no sensitive information there. We will be using a different website for the election, especially for results reporting and that one we are protecting very well.

Despite such claims, an investigation by Trend Micro revealed that fingerprint data had indeed been leaked, along with large PII records, in the millions.

The investigation by Trend Micro revealed:

  • 3 million records of overseas Filipino voters, including their passport numbers and expiry dates.
  • The data for overseas citizens is in plain text, accessible by anyone.
  • A massive record of 15.8 million fingerprints.

The incident underlines the importance of prioritizing cybersecurity among governmental entities that typically involves entire databases of citizens’ data. Government agencies typically figure among the top 5 sectors frequently targeted by data breaches, alongside healthcare, education, retail and finance industries.

Featured image from Shutterstock.

Important: Never invest money you can't afford to lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here.

Feedback or Requests?

Receive New Posts on Email:

Samburaj Das

Samburaj Das

Samburaj is the contributing editor at Hacked and keeps tabs on science, technology and cyber security.

There are no comments.

View Comments (0) ...
An online tool claims to enable computers infected by Petya,…