Philippines electoral data breach much worse than initially reported, possibly worst ever

In late March, the Philippine Commission on Elections website was defaced in an Anonymous op, and a few days later, Lulzsec Pilipinas dumped its voter database. At the time, the Commission claimed that no sensitive information was exposed in the breach, but that is clearly not the case.

The breach contains the records of 1.3m overseas Philippines voters, including their passport details; it also includes 15.8m fingerprints.

The Anonymous defacement op criticized the commission for its lax security and called on it to improve its operations prior to the May 9 elections.

"Our research showed that massive records of PII, including fingerprints data were leaked. Included in the data COMELEC deemed public was a list of COMELEC officials that have admin accounts," the firm said in a blog post.

"Based on our investigation, the data dumps include 1.3 million records of overseas Filipino voters, which included passport numbers and expiry dates. What is alarming is that this crucial data is just in plain text and accessible to everyone. Interestingly, we also found a whopping 15.8 million records of fingerprints and a list of people running for office since the 2010 elections."

Data Protection Mishap Leaves 55M Philippine Voters at Risk
[Trend Micro]

Every Voter in Philippines Exposed in Mega Hack
[Phil Muncaster/Infosecurity]

(via Gizmodo)