22 Apr Comelec Data Breach: “Philippines, we have your data :b” Website Made Philippine Voter Data Searchable
Publicized on social media yesterday, April 21 Thursday is the site “Philippines, we have your data”. A new site letting anyone search any names listed in the database breached from the Comelec’s data. The group known as Lulzsec Pilipinas lead the leakage of such data.
How dangerous is this to the voter’s identity and privacy? Well, the site allows anyone to input a first name and last name indexing a list of possible matches grabbed from the Comelec database, which can also include their own data. And based on reports, such data include birthdates, fingerprint data, one’s personal address, names of relatives, passport information, citizenship information and other miscellaneous information. Unlike what was called the “Have I Been Pwned” which was a searchable index that only informed the scope of the breach to individuals, the case of the recent site is that none of the information stored on it is kept private from any other individual. And as like what the website said, “we thought that it would be fun to make a search engine over that data.”
Later that night, IT experts was able to identify steps on how to mitigate the impact of the leak. But due to the breach, Filipino voters are “susceptible to fraud and other risks” according to the security firm Trend Micro. Fortunately, the suspected hacker of the Comelec website has already been captured and is now under the government custody.
No Comments