FB pixel

Philippines’ NPC provides more insight into COMELEC breach ruling

Categories Biometrics News  |  Elections

Philippines’ National Privacy Commission (NPC) recently provided greater insight into its decision that the Commission on Elections‘ (COMELEC) be held liable for a massive breach of its voter database last March, according to a report by The Manila Times.

The database breach resulted in the leak of millions of voters personal identifiable information, including passport information and fingerprint data.

The NPC recently ruled that the COMELEC should be held liable for the database breach with COMELEC chairman J. Andres D. Bautista set to face criminal charges for the negligence.

In its report, the NPC found the COMELEC in violation of several provisions of the Data Privacy Act. For instance, despite COMELEC’s claims that its website and the public-facing applications — Precinct Finder and Post Finder — had several security measures in place, the NPC discovered that they all contained flaws which were exploited by Anonymous Ph and LulSecPinas.

Additionally, the COMELEC claimed that its information infrastructure was protected by three layers of firewalls and intrusion detection systems. However, the NPC did not detect the exfiltration of databases in its investigation and further discovered that the COMELEC left data traffic unmonitored during the period of exfiltration.

The investigation found that COMELEC had not implemented any data protection policies and programs, nor had it assigned a data protection officer to oversee these responsibilities.

The COMELEC did not implement any of the security measures it claimed to put in place until after the database breach had happened.

To make matters worse, the Commission tried to conceal the scope and magnitude of the database breach and leak by actively downplaying the incident. In its official statement, the COMELEC questioned the accuracy of the data illegally accessed and copied.

The Commission also delayed alerting the NPC of the incident, which directly violated the mandatory reporting requirement of the Data Privacy Act.

Following its investigation, the NPC has ordered the COMELEC to assign a Data Protection Officer, perform a privacy impact assessment, develop a comprehensive privacy management program, create a breach management procedure, and implement organizational, physical and technical security measures.

The recommendations are all intended to provide COMELEC with stronger security measures to protect personally identifiable and sensitive data

Article Topics

 |   |   |   |   | 

Latest Biometrics News


Biometrics cutting the line of in-person payments innovations: Mastercard

Mastercard sees biometrics for in-store payments as a part of a broader shift towards seamless interactions of all kinds, as…


New South Wales’ government is investing millions in digital identity

New South Wales’ decentralized digital identity program is getting a cash infusion from the Premier Chris Minns’ government, which has…


Innovatrics cuts fingerprint error rate by 20%, upgrades SmartFace platform

Innovatrics has reported its best-yet scores in NIST’s fingerprint biometrics testing, and added a new feature to its facial recognition…


Canadian cruise terminal gets Pangiam face biometrics for ID verification

The Vancouver Fraser Port Authority and U.S. Customs and Border Protection (CBP) have joined forces to implement face biometrics for…


Atlantic Council stresses importance of DPI, data for stronger digital economies

The Atlantic Council has highlighted the importance of digital identity and digital public infrastructure (DPI) in birthing and growing strong,…


Sri Lanka extends bid deadline for national digital ID project

The Government of Sri Lanka has extended the deadline for the submission of bids for the procurement of a Master…


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events