Attack on Philippines Election Commission Might Be The Largest Data Breach Ever

At the end of March, hackers broke into the database for the Philippine Commission on Elections in what InfoSecurity Magazine is calling “what could rank as the worst ever government data breach anywhere.”


The hack came in a couple of parts: an initial event that defaced the website, and a second in which another group was able to extract the database and release it to the web. The scale of the attack is even larger than that of the Office of Personnel Management breach in 2015, and the leak included sensitive information such as fingerprints and passport information.

Shortly after the breach on March 27th, the Philippine Commission on Elections (COMELEC) reported that it was only the website that had been hacked, not their database, and that most of the information that had been leaked was public anyway:

[Comelec spokesman James Jimenez] said the hacking affected the precinct finder, video demonstration and the search function of the website.

“The website’s interface changed. But for the most part, the database are intact. As a standard procedure with any intrusion, we are taking the time to make sure that we remove all the malware codes that were penetrated,” Jimenez said.


“The Comelec website has been available to the public so if there are people who want to hack it, they have the opportunities to study its security features. We do not give high level of security in the website, even the precinct finder function, we have back up so it is protected,” he said.

However, in an investigation released earlier this week, TrendMicro discovered that the personal information of upwards of 55 million registered voters was compromised:

Based on our investigation, the data dumps include 1.3 million records of overseas Filipino voters, which included passport numbers and expiry dates. What is alarming is that this crucial data is just in plain text and accessible to everyone. Interestingly, we also found a whopping 15.8 million records of fingerprints and a list of people running for office since the 2010 elections.

In addition, among the data leaked were files on all candidates running on the election with the filename VOTESOBTAINED. Based on the filename, it reflects the number of votes obtained by the candidate. Currently, all VOTESOBTAINED files are set to have NULL as figure.

The entire database of 55 million voters was accessed, but it’s not clear if all of those individuals were affected. If they were, it could be one of the largest data breaches to date.

The first group warned COMELEC about vulnerabilities in their systems, particularly in the Automatic Voting Machines that will be used in the upcoming national elections on May 9th.


While this personal information might not directly affect the upcoming election, it does potentially leave millions of individuals open to being targeted by criminals with the information in hand.

COMELEC hasn’t announced any response to the breach, and how they will proceed moving forward is unclear. We’ve reached out to their offices and will update if they respond to our questions.


[TrendMicro, InfoSecurity Magazine, PhilStar]

Andrew Liptak is the former Weekend editor of io9/Gizmodo. He is the co-editor of War Stories: New Military Science Fiction and hails from Vermont.


55 million registered voters

48 million of them are fake.

Sorry if I sound disrespectful, but I was raised in that country for seventeen years. The political system and corruption is a major reason why I’m never going to live there ever again, and even now only visit VERY rarely when I have no choice in order to fulfill very specific, binding obligations. I would happily spend decades before ever setting foot in NAIA ever again.