The National Privacy Commission (NPC) has summoned representatives from the Commission on Elections (Comelec) and news outlet Manila Bulletin (MB) following a report of alleged hacking and data breach involving the poll body’s servers.
In a statement Wednesday, Privacy Commissioner John Henry Naga said separate orders were sent to the Comelec and MB technology editor and IT head Art Samaniego Jr., to appear for a clarificatory meeting via teleconference on January 25.
“The NPC’s Complaints and Investigation Division commenced its own independent investigation and issued a notice to Comelec requiring them to explain the alleged hacking and data breach,” Naga said.
He said the Comelec “must address the serious allegations” to determine whether personal data were compromised or processed in connection with the upcoming 2022 national and local elections.
“Comelec is also directed to conduct a comprehensive investigation on the matter and submit to the NPC the results thereof no later than January 21, 2022,” Naga said.
He assured the public that the NPC does “not tolerate any act in violation of the Data Privacy Act” such as negligence in implementing organizational, physical, and technical security measures on personal data processing systems, whether in government or private institutions.
On Saturday, the NPC was notified by Samaniego of a suspected breach on Comelec servers wherein an estimated 60 gigabytes of data were allegedly accessed and downloaded by a group of hackers.