TDThe Independent National Electoral Commission (INEC) has dismissed claims that its voter registration database was hacked.
It, however, confirmed that it is investigating the alleged unauthorized access and publication of information from its Continuous Voter Registration (CVR) database reportedly linked to the release of details concerning a political aspirant in the Federal Capital Territory.
This was contained in a press statement issued on Tuesday and signed by Mohammed Kudu Haruna.
The Commission said preliminary findings indicate that there was no external breach, hacking incident, or unauthorized access to its ICT infrastructure.
According to INEC, the controversy arose following allegations circulating on social media and in sections of the media concerning unauthorized access to information from the Commission’s CVR database.
Media was awards with subsequent publication of details relating to a candidate who recently participated in a political party primary election in the FCT.
INEC Begins Investigation
The Commission disclosed that it immediately commenced an investigation into the matter and has already traced the user account through which the information was accessed.
“The audit trail from the preliminary investigation has enabled the Commission to identify the user account through which the information was accessed.
“Accordingly, relevant personnel have been questioned, and all units connected with the incident are cooperating fully with the investigation,” the statement said.
INEC explained that as part of the ongoing nationwide CVR exercise, authorized registration officers were granted controlled access to specific components of the voter registration system.
This will enable them to facilitate voter registration, transfer requests, and updates of voter records.
The Commission stressed that such access is strictly limited to official duties and is withdrawn once the exercise concludes.
How Information Was Released
The electoral body stated that evidence gathered so far suggests the information was accessed using valid credentials assigned to personnel participating in the CVR exercise.
It was, nonetheless, allegedly released without authorization.
“The information in question was accessed through valid user credentials assigned to personnel participating in the ongoing CVR exercise but released without authority,” the Commission noted.
INEC further clarified that the incident under investigation concerns the retrieval of a specific voter record and does not suggest any compromise of the Commission’s wider voter registration infrastructure or the personal data of more than 90 million registered voters across the country.
The Commission said it is examining all technical, administrative, and operational factors surrounding the matter to determine individual responsibility and establish whether there was any violation of internal access-control protocols.
In addition, INEC revealed that the Department of State Services (DSS) has independently commenced an investigation into the incident.
“The Commission will continue to cooperate fully with all relevant security agencies and will not hesitate to refer any person found culpable for appropriate legal action,” the statement added.
Public Outrage
The development follows public debate over the publication of voter registration information allegedly linked to a political figure.
Reports suggest that the information was released by individuals associated with the political camp of the Minister of the Federal Capital Territory, Nyesom Wike, including his media aide, Lere Olayinka.
However, INEC’s statement did not mention any individual by name, noting that investigations remain ongoing and urging the public and media organizations to avoid speculation until the process is concluded.
The Commission reaffirmed its commitment to the security, confidentiality, and integrity of voter data, assuring Nigerians that robust safeguards remain in place to protect sensitive electoral information.
INEC said it would make public the outcome of its investigation and any actions taken once the inquiry is completed.
