MANILA, Philippines – The hacking of a Philippine election database may have exposed the personal information of all 55 million registered voters, but will not undermine May 9 national elections, officials said Friday, in the latest hacking scandal to hit the Southeast Asian nation.
They said government agents arrested a 23-year-old suspect, a recent graduate in information technology, late Wednesday at his home in Manila. Officials are searching for his alleged accomplices.
Commission on Elections spokesman James Jimenez said the computerized elections will be run on a different server, not the one that was hacked, and that experts say the polls are unlikely to be compromised.
The exposed data is feared to include voters’ names, birthdays, home addresses, email, parents’ full names and in some cases passport details and text markers of fingerprints.
A hacker group defaced the website of the election commission last month, and a second hacker group posted the entire database online, with mirror links where the data could also be downloaded, according to Internet security company Trend Micro.
The Tokyo-based company first reported the breach on its website .
The commission said it has shut down its website.
Presidential spokesman Herminio Coloma condemned the cyberattack and said government agencies are working with the commission to strengthen its security. The government vowed to prosecute the perpetrators.
“Although verifications that have been made thus far have shown that the integrity of the automated election system has not been affected by the latest cyberattack, we share the public’s concern on the ill-effects of this act,” he said.
Trend Micro said that with the breach, “every registered voter in the Philippines is now susceptible to fraud and other risks.”
“With 55 million registered voters in the Philippines, this leak may turn out as one of the biggest government-related data breaches in history,” it said. The data dumps include 15.8 million records of fingerprints, it added.
There are 54.3 million registered voters in the country and 1.3 million living overseas.
Jimenez said the data did not include actual fingerprints, but text markers that cannot recreate fingerprints.
Troy Hunt, an Australian Internet security expert, said it’s difficult to know whether the election results will be put at risk, but that “there were clearly egregious oversights” by election officials “which raise serious questions about their ability to protect their information systems.”
The hacking scandal comes amid an investigation into the cybertheft of $101 million from the Bangladesh central bank’s account in the Federal Reserve Bank of New York, and the money’s transfer to the Philippines and Sri Lanka.
A Philippine Senate inquiry has shown that $81 million was diverted to bank accounts created with fictitious names at a branch of a Philippine bank, consolidated and then shifted to Philippine casinos and junket operators through a local remittance company.