The Independent National Electoral Commission (INEC) has launched an investigation into allegations of unauthorised access to its Continuous Voter Registration (CVR) database and the disclosure of information relating to a candidate in a recent political party primary in the Federal Capital Territory.
Preliminary Findings
In a statement issued on Tuesday, the commission said preliminary findings showed there was no external breach of its database, no hacking incident and no unauthorised access to its information and communications technology infrastructure. INEC said the information was accessed through valid user credentials assigned to personnel participating in the ongoing nationwide Continuous Voter Registration exercise but was subsequently released without authorisation.
Restricted Access for Official Duties
The commission said authorised registration officers were granted restricted access to specific components of the CVR system to carry out official duties, including registering new voters, processing transfer requests and updating voter records. “As part of the ongoing Continuous Voter Registration (CVR) exercise nationwide, authorised INEC Registration Officers were granted controlled access to specific components of the CVR system to enable them register new applicants, process requests for transfer of registration and update voter records where necessary. Such access is restricted to official duties only and is withdrawn at the conclusion of the exercise,” INEC said.
Audit Trail and Accountability
According to INEC, its audit trail has enabled investigators to identify the user account through which the information was accessed, while relevant personnel have already been questioned. The commission added that it is examining all technical, administrative and operational aspects of the incident to establish responsibility and determine whether internal access-control protocols were breached.
No Compromise of Broader Infrastructure
INEC stressed that the incident involved the retrieval of a specific voter record and did not indicate any compromise of its broader voter registration infrastructure or the personal data of more than 90 million registered voters. The electoral body reaffirmed its commitment to protecting voter information, maintaining data confidentiality and preserving the integrity of the electoral process.
Independent Investigation by DSS
It also disclosed that the Department of State Services has commenced an independent investigation into the matter. INEC said it would cooperate fully with security agencies and take appropriate legal action against anyone found culpable following the conclusion of investigations. The statement was signed by Mohammed Kudu Haruna, National Commissioner and Chairman of the Information and Voter Education Committee.
