The Independent National Electoral Commission (INEC) has launched a full-scale investigation into claims that information from its Continuous Voter Registration (CVR) database was accessed and published without authorisation following the release of details linked to a candidate who participated in a recent political party primary in the Federal Capital Territory (FCT).
In a statement issued on Tuesday by the National Commissioner and Chairman of the Information and Voter Education Committee, Mohammed Haruna, the electoral body said it had begun examining the circumstances surrounding the incident and was committed to uncovering the facts.
“The attention of the Independent National Electoral Commission has been drawn to allegations currently circulating on social media and in some sections of the media regarding the alleged unauthorised access to the Commission’s Continuous Voter Registration database and the subsequent publication of information on a candidate in the recent primaries of a political party in the Federal Capital Territory.
“The Commission takes this allegation seriously and has immediately commenced a thorough investigation to establish the facts surrounding the incident,” the statement read.
INEC explained that officials engaged in the ongoing nationwide CVR exercise are granted restricted access to designated sections of the registration platform to process voter registrations, transfers and record updates. It noted that such access is only for official assignments and is revoked once the exercise ends.
According to the commission, an initial review of its audit logs has already identified the account used to obtain the information in question.
“The audit trail from the preliminary investigation has enabled the Commission to identify the user account through which the information was accessed. Accordingly, relevant personnel have been questioned, and all units connected with the incident are cooperating fully with the investigation,” it said.
The electoral body added that investigators are scrutinising every technical, administrative and operational aspect of the case to determine whether any internal procedures governing access to sensitive information were breached.
However, INEC stressed that preliminary findings do not point to any cyberattack or external compromise of its systems.
“Preliminary findings from the Commission’s audit trail so far indicate that there was no external breach of the CVR database, no hacking incident, and no unauthorised external access to the Commission’s ICT infrastructure.
“Rather, the information in question was accessed through valid user credentials assigned to personnel participating in the ongoing CVR exercise but released without authority,” the statement added.
The commission further clarified that the matter under investigation concerns the retrieval of a single voter record and should not be interpreted as a breach affecting its broader voter registration infrastructure or the personal data of over 90 million registered voters.
“The incident under investigation relates to the retrieval of a specific voter record and does not indicate any compromise of the Commission’s broader voter registration infrastructure or the personal data of over 90 million registered voters,” the statement said.
Reaffirming its commitment to safeguarding voter information, INEC said the security, confidentiality and integrity of citizens’ data remain a top priority.
“The Commission wishes to state categorically that it takes the security, confidentiality and integrity of voter data with the utmost seriousness and remains committed to transparency, institutional integrity, and the protection of voters’ personal information,” it said.
The commission also disclosed that the Department of State Services (DSS) has independently opened its own investigation into the matter.
“Furthermore, the Department of State Services, on its own accord, has commenced an independent investigation into the matter. The Commission will continue to cooperate fully with all relevant security agencies and will not hesitate to refer any person found culpable for appropriate legal action,” the statement added.
INEC appealed to the public and media organisations to avoid drawing conclusions while investigations are ongoing, assuring that the outcome of the probe and any subsequent actions would be disclosed when the process is completed.