Comelec to notify voters at risk of identity theft

enablePagination: false
maxItemsPerPage: 10
maxPaginationLinks: 10

Metro Manila (CNN Philippines) — In a few weeks, the Commission on Elections (Comelec) will begin sending notices to people whom they deem especially at risk of identity theft. If you are a registered overseas voter or if you filled out an e-form on the Comelec website before it was hacked, then you will probably be among the first recipients.

Comelec Education and Information Department Director James Jimenez told CNN Philippines, poll officials are drafting a list of people whose personal identity information was hacked from the Comelec database and then released to the Internet in March. “Our main concern really is that their identities might be spoofed, might be hijacked, might be used for purposes that are not legitimate,” Jimenez said.

Of the roughly 55 million registered voters in the database, overseas Filipinos are at greater risk of identity theft because they supplied more sensitive information in their application forms. That includes their passport numbers and information about family members.

That is also the case with people who filled out online forms on the Comelec website.

Another group at high risk are Comelec officials. The hacked database included their e-mail addresses, information on their cash advances and cases they were working on.

Through the individual notices, the Comelec aims to help victims protect themselves from different forms of fraud.

“We intend to inform the individual that this is something that's hanging over his head and perhaps help him get in touch with credit companies. We want to put the banks, financial institutions, immigration and all these other organizations on the alert against the possibility of this particular identity being used,” Jimenez said.

Jimenez said the list will be ready by August 31 (Wednesday). The Comelec will prioritize notices for the high-risk groups but it hopes to notify all 55 million people affected by the data leak.

Around the same date, the National Privacy Commission plans to release findings from its investigation of the matter. Its report may include recommendations on whether to hold certain Comelec personnel criminally liable for the data breach.

National Bureau of Investigation (NBI) Cyber Crime Division Chief Ronald Aguto said the suspected hackers, Paul Biteng and Joenel de Asis, have been charged with violating the Anti-Cyber Crime Law. Both suspects have posted bail.

Aguto said a third suspect went offline soon after the NBI arrested Biteng and de Asis, and the agency has since shelved its investigation.

To help prevent attacks on government websites and databases, the NBI has put up a Cyber Security Office. Its agents will monitor web traffic in the so-called “Dark Web” 24 hours a day, 7 days a week. They will also participate incognito in hacker forums to ferret out plans to breach government sites.

“We plan to keep expanding the Cyber Security Office’s operations until we are able to watch over nationwide web traffic,” Aguto said.

Both Jimenez and Aguto said all that can be done now is to prevent identity fraud because there is no way to take back all the information “released into the wild.”

For the Comelec, the task is to constantly remind registered voters to be on the lookout. “No one wants negative attention,” Jimenez said, “but if that’s the price we have to pay, then that’s the price we have to pay.”

Aguto warned registered voters to take precautions. “You have to change your passwords. Don't use the common passwords like your mother’s maiden name or your birthday. You have to have a stronger password to prevent your data from being compromised, in case it was leaked.”