NPC orders Comelec to explain alleged data breach

Metro Manila (CNN Philippines, January 12) — The National Privacy Commission on Wednesday directed the Commission on Elections to explain the alleged hacking of its servers.

The NPC set a virtual “clarificatory meeting” with Comelec and Manila Bulletin on Jan. 25 to discuss the news organization’s report on the supposed data breach.

“The Comelec must address the serious allegations made in the Manila Bulletin news report and determine whether personal data were indeed compromised, particularly personal information, sensitive personal information, or data affecting the same, which were processed in connection with the upcoming 2022 national and local elections," said Privacy Commissioner John Henry Naga in a statement.

The NPC also ordered Comelec to conduct a comprehensive probe into the matter and submit its findings no later than Jan. 21.

On Jan. 10, the Manila Bulletin reported an alleged hacking incident into the Comelec’s servers that was discovered by the publication's tech team. The downloaded data could potentially affect the May 2022 elections, the report said.

Comelec spokesperson James Jimenez questioned the claim, arguing that the information, which reportedly included passcodes from vote-counting machines, was not yet available in the systems.

The poll body has since launched an investigation into the matter.