THE Independent National Electoral Commission (INEC) has commenced an investigation into allegations of unauthorised access to its Continuous Voter Registration (CVR) database following the publication of information relating to a candidate who participated in a recent political party primary election in the Federal Capital Territory (FCT).
The commission disclosed this in a statement sent to News Point Nigeria on Tuesday by its National Commissioner and Chairman of the Information and Voter Education Committee, Mohammed Haruna, who said INEC was treating the matter with the utmost seriousness.
According to the statement, the commission became aware of allegations circulating on social media and in sections of the media regarding the alleged unauthorised access to its voter registration database and the subsequent publication of information linked to a candidate who participated in a recent political party primary in the FCT.
“The attention of the Independent National Electoral Commission has been drawn to allegations currently circulating on social media and in some sections of the media regarding the alleged unauthorised access to the Commission’s Continuous Voter Registration database and the subsequent publication of information on a candidate in the recent primaries of a political party in the Federal Capital Territory.
“The Commission takes this allegation seriously and has immediately commenced a thorough investigation to establish the facts surrounding the incident,” the statement read.
INEC explained that, as part of the ongoing nationwide Continuous Voter Registration exercise, authorised registration officers were granted controlled access to specific components of the registration system to facilitate voter registration, transfer requests and updates to voter records.
The commission noted that such access is strictly limited to official duties and is automatically withdrawn once the registration exercise is concluded.
Providing an update on the investigation, Haruna revealed that preliminary findings from the commission’s audit trail had already helped identify the user account through which the information was accessed.
“The audit trail from the preliminary investigation has enabled the Commission to identify the user account through which the information was accessed. Accordingly, relevant personnel have been questioned, and all units connected with the incident are cooperating fully with the investigation,” the statement said.
INEC further stated that investigators are examining all technical, administrative and operational aspects of the matter to determine responsibility and establish whether any internal access-control procedures were violated.
However, the electoral body stressed that preliminary findings showed there was no evidence of an external breach of its systems.
“Preliminary findings from the Commission’s audit trail so far indicate that there was no external breach of the CVR database, no hacking incident, and no unauthorised external access to the Commission’s ICT infrastructure.
“Rather, the information in question was accessed through valid user credentials assigned to personnel participating in the ongoing CVR exercise but released without authority,” the statement added.
The commission also clarified that the incident under investigation involved the retrieval of a specific voter record and did not indicate any compromise of the wider voter registration infrastructure or the personal information of more than 90 million registered voters.
“The incident under investigation relates to the retrieval of a specific voter record and does not indicate any compromise of the Commission’s broader voter registration infrastructure or the personal data of over 90 million registered voters,” the statement said.
Reaffirming its commitment to protecting voter information, INEC said it remained dedicated to ensuring the security, confidentiality and integrity of electoral data.
“The Commission wishes to state categorically that it takes the security, confidentiality and integrity of voter data with the utmost seriousness and remains committed to transparency, institutional integrity, and the protection of voters’ personal information,” it stated.
The commission further disclosed that the Department of State Services (DSS) had independently launched its own investigation into the matter.
“Furthermore, the Department of State Services, on its own accord, has commenced an independent investigation into the matter. The Commission will continue to cooperate fully with all relevant security agencies and will not hesitate to refer any person found culpable for appropriate legal action,” the statement added.
INEC urged members of the public and the media to refrain from speculation while investigations are ongoing, assuring Nigerians that the findings and any consequential actions would be made public in due course.
The controversy emerged after actor and politician Emeka Ike threatened legal action against Lere Olayinka, a media aide to the Minister of the Federal Capital Territory, Nyesom Wike, over the alleged exposure of his personal data from INEC’s portal.
News Point Nigeria reports that Ike, a native of Imo State, contested the House of Representatives seat for the AMAC/Bwari Federal Constituency in the Federal Capital Territory under the Nigerian Democratic Congress but was unsuccessful.
Olayinka recently attracted criticism after sharing what appeared to be Ike’s voter information through an INEC administrative webpage.
In a post on his X account on Saturday, Olayinka claimed that Ike was previously registered as a voter in Imo State before transferring his registration to the FCT.
The post included two images that many social media users alleged were obtained from INEC’s administrative login portal.
The screenshots reportedly contained personal information, including Ike’s application number, registration centre, Voter Identification Number (VIN), profile photograph, name and date of application.
Reacting during an appearance on Channels Television programme The Morning Brief on Tuesday, Ike described Olayinka’s action as shocking and characterised it as the height of political rascality.
The ongoing investigation is expected to determine how the information was accessed and released, as well as whether any personnel violated INEC’s internal data protection and access-control protocols.