INEC Investigates Alleged CVR Data Access, Rules Out External Hacking

The Independent National Electoral Commission (INEC) has launched a detailed investigation into allegations of unauthorized access to its Continuous Voter Registration (CVR) database, following concerns that information relating to a candidate in a recent political party primary in the Federal Capital Territory (FCT) may have been improperly disclosed.

The Commission, however, ruled out any external hacking or cyber intrusion into its voter registration infrastructure, insisting that its systems remain secure and that no breach of its broader database had occurred.

In a statement posted on its official X account on Tuesday, INEC said it had taken the allegations seriously and immediately commenced a comprehensive investigation to establish the circumstances surrounding the incident, including how access was obtained and how the information was subsequently released.

“The Commission has commenced a thorough investigation into the matter to ascertain the facts and determine the level of involvement of any personnel,” INEC said.

The electoral body explained that as part of the ongoing nationwide Continuous Voter Registration exercise, authorised registration officers are granted controlled access to specific segments of the registration platform strictly for official duties such as new voter registration, transfer requests, and updates to voter records.

It stressed that such access is time-bound, role-specific, and automatically withdrawn once the exercise or assigned task is completed, in line with its internal access-control framework.

According to the Commission, preliminary technical reviews and audit trail analysis had already enabled investigators to identify the specific user account through which the voter information was accessed.

INEC said the individuals linked to the account had been invited for questioning, while all relevant departments involved in the registration process were fully cooperating with the ongoing probe.

“The Commission is examining the technical, administrative, and operational dimensions of the incident to determine individual responsibility, including how credentials were used and whether internal procedures were violated,” it said.

INEC added that appropriate disciplinary measures would be taken against any staff found culpable after the conclusion of the investigation.

The Commission, however, clarified that early findings indicated there was no external compromise of its ICT infrastructure, no hacking incident, and no unauthorised access from outside its secured systems.

It further explained that the issue involved the retrieval of a specific voter record through valid internal credentials assigned to authorised personnel participating in the CVR exercise, but said the subsequent release of the information was not authorised.

INEC stressed that the incident did not affect or compromise the wider voter registration database, which it said contains records of more than 90 million registered voters nationwide.

The Commission also confirmed that the Department of State Services (DSS) had independently commenced a parallel investigation into the matter.

INEC reiterated its commitment to safeguarding the integrity, confidentiality, and security of voter data, adding that it treats any allegation involving voter information with “the utmost seriousness.”

It urged members of the public and the media to avoid speculation while investigations are ongoing, assuring that the outcome would be made public once the probe is concluded.

“The Commission remains committed to protecting voter information and ensuring the integrity of its systems,” it said.

المصدر: Leadership (Nigeria)