The Independent National Electoral Commission (INEC) said it has identified the user account through which information to its continuous voter registration (CVR) database was allegedly accessed. The Commission, however, said preliminary findings and audit trail so far, did not indicate that there was external breach of the database.

INEC in a statement by Chairman, Information and Voter Education Committee (IVEC), Mohammed Kudu Haruna, disclosed that the relevant personnel involved in the matter have been questioned, adding that all units connected with the incident are cooperating fully with the investigation.

Haruna who is INEC National Commissioner, further stated that the Commission “is also examining all technical, administrative and operational factors associated with the matter in order to establish individual responsibility and determine the circumstances surrounding the use of those credentials and identify any breach of internal access-control protocols, before taking appropriate action against anyone involved.”

He explained that as part of the CVR exercise nationwide, registration officers were granted controlled access to specific components of the CVR system to enable them register new applicants, process requests for transfer of registration and update voter records where necessary. According to him, such access is restricted to official duties only and is withdrawn at the conclusion of the exercise.

Haruna dismissed the hacking incident, or unauthorised external access to the INEC’s ICT infrastructure. “Rather, the information in question was accessed through valid user credentials assigned to personnel participating in the ongoing CVR exercise but released without authority,” he added.

The National Commissioner disclosed that the incident under investigation relates to the retrieval of a specific voter record, adding that it does not indicate any compromise of the Commission’s broader voter registration infrastructure or the personal data of over 90 million registered voters.

He stated that INEC takes the security, confidentiality and integrity of voter data with the utmost seriousness, and is committed to transparency, institutional integrity, and the protection of voters’ personal information.