DSS joins probe, as INEC traces voter data leak to insider

By Omeiza Ajayi, ABUJA

The Independent National Electoral Commission (INEC) has confirmed that a staff member with legitimate access to its Continuous Voter Registration (CVR) database is now the focus of an investigation into the unauthorized disclosure of a voter record belonging to a candidate in a recent party primary in the Federal Capital Territory (FCT).

INEC announced the development on Tuesday in a statement signed by National Commissioner and Chairman of the Information and Voter Education Committee, Mohammed Kudu Haruna, after allegations of a database compromise spread across social media and sections of the press.

According to the electoral umpire, the Department of State Services (DSS) is also conducting a parallel probe into the breach.

The commission’s internal audit trail indicated that there was no external breach of the CVR database, no hacking incident, and no unauthorized external access to the commission’s ICT infrastructure. Instead, the information in question was accessed through valid user credentials assigned to personnel participating in the ongoing CVR exercise but released without authority, Haruna said.

Registration officers involved in the nationwide CVR exercise had been granted controlled access to specific components of the database for the limited purposes of registering new applicants, processing transfer requests, and updating voter records. The commission described this access as strictly restricted to official duties and withdrawable at the close of the exercise.

INEC said the audit trail enabled investigators to pinpoint the specific user account through which the record was retrieved.

Relevant personnel have since been questioned, and all units connected with the incident are cooperating with the investigation, Haruna added.

The commission is examining every technical, administrative, and operational aspect of the matter to establish individual responsibility and determine whether internal access‑control protocols were violated.

Regarding the scope of the breach, the commission said only a single voter record was accessed, and the personal data of more than 90 million registered voters remains secure. The integrity of the broader voter registration infrastructure was not called into question.

The DSS launched its own independent investigation without prompting from the commission.

INEC said it would cooperate fully with the agency and all other relevant security bodies, and warned that anyone found culpable would be referred for prosecution.

It urged the public and the media to set aside speculation while investigations continue. The commission also pledged to publish its final findings and any measures taken in response to the incident once they are concluded.

The post DSS joins probe, as INEC traces voter data leak to insider appeared first on Vanguard News.