BAGUIO CITY—The government is bracing for a possible repeat of the data attack in 2016 that leaked personal information and put a risk the privacy of 55 million registered Filipino voters.
Privacy Commissioner Raymund E. Liboro said the government is closely monitoring the lead-up to the midterm elections in May, with data protection as one of the major concerns. Privacy and security officials last week had a high-level meeting to craft the government’s response should a repeat of the 2016 data attack occur, he disclosed.
“Definitely, it [data security] has always been [a concern],” Liboro said in an interview with reporters over the weekend here. “This time, if I may just assure everyone, it is being considered as high priority the security of the upcoming elections. That is why [the National Security Council] called a conference, a meeting just for that.”
During the meeting, National Security Adviser Hermogenes C. Esperon Jr. reiterated lessons from the past data attack, and checked with relevant agencies their measures to prevent 2016 from happening all over again. Liboro claimed authorities are on the same page in prioritizing the data security of the May polls under the supervision of the Commission on Elections (Comelec).
“The preventive steps have been in place, [and now] it is really a matter of checking there whether it is being implemented as planned,” Liboro said.
However, the privacy chief did not confirm nor deny if there are potential threats to the cyber security of the elections. He just said the government is ready to thwart any attack yet again on the personal information of voters.
Less then a month before the 2016 presidential elections, hacker groups Anonymous Philippines and LulzSec Pilipinas infiltrated the web site of Comelec.
Between them, the attack orchestrated by LulzSec was considered the more grave and damaging, as it illegally accessed and downloaded 340 gigabytes of data from the poll body. The group harvested the personal information of over 55 million registered Filipino voters, including those of 1.3 million citizens residing or working overseas.
LulzSec made things worse when it released the stolen haul of data online, giving everyone on the Internet maximum accessibility.
The Comelec played down the impact of the data attack, and claimed the compromised database was accessible to the public anyway and no sensitive personal information were leaked. Apparently, the hackers only managed to obtain a list of nothing more but names and addresses.
Before 2016 ended, the National Privacy Commission issued directives to the Comelec in its resolution to the data leakage.
The Comelec was instructed to designate a data protection officer within one month; conduct a privacy impact assessment within two months; craft a privacy management program within three months; and create a breach management procedure within three months, as well as run breach drills. Further, the poll body was tasked to implement organizational, physical and technical security measures in line with the implementing rules and regulations of the Data Privacy Act of 2012 and circulars related to data protection.