INEC Investigates Alleged Misuse Of CVR Database Access Credentials, Rules Out External Breach

The Independent National Electoral Commission (INEC) has commenced an investigation into allegations of unauthorised access to its Continuous Voter Registration (CVR) database and the subsequent disclosure of information relating to a candidate in a recent political party primary election in the Federal Capital Territory.

In a statement issued on Tuesday by Mohammed Kudu Haruna, National Commissioner and Chairman of the Information and Voter Education Committee (IVEC), the Commission said it became aware of the allegations through reports circulating on social media and in sections of the media and had immediately launched a thorough inquiry to establish the facts surrounding the incident.

INEC explained that, as part of the ongoing nationwide CVR exercise, authorised Registration Officers were granted controlled access to specific components of the registration system to register new applicants, process transfer requests and update voter records.

According to the Commission, such access is strictly limited to official duties and is withdrawn once the exercise ends.

The Commission disclosed that preliminary audit findings had enabled investigators to identify the user account through which the information was accessed. Relevant personnel have since been questioned, while all units connected to the incident are cooperating with the ongoing investigation.

INEC said it is examining the technical, administrative and operational circumstances surrounding the matter to determine individual responsibility, assess any breach of internal access control protocols and take appropriate action where necessary.

However, preliminary findings indicate that there was no external breach of the CVR database, no hacking incident and no unauthorised external access to the Commission’s information and communications technology infrastructure.

The Commission added that the information was accessed using valid user credentials assigned to personnel participating in the ongoing CVR exercise and was subsequently released without authorisation.

INEC further clarified that the incident involved the retrieval of a specific voter record and did not suggest any compromise of its wider voter registration infrastructure or the personal data of more than 90 million registered voters.

Reaffirming its commitment to data protection, the Commission said it remains dedicated to safeguarding the security, confidentiality and integrity of voter information, as well as upholding transparency and institutional integrity.

The Commission also revealed that the Department of State Services (DSS) has independently commenced an investigation into the matter.

INEC pledged full cooperation with security agencies and stated that any individual found culpable would be referred for appropriate legal action.

The Commission urged members of the public and the media to avoid speculation while investigations continue, assuring that it will provide updates on its final findings and any measures taken in response to the incident.
