The Independent National Electoral Commission (INEC) has dismissed claims of an external breach of its Continuous Voter Registration (CVR) database, stating that no hacking incident occurred.
In a press release issued from its headquarters in Abuja, the Commission acknowledged reports circulating on social media alleging unauthorized access to its CVR database and the publication of information relating to a political party’s primary election in the Federal Capital Territory.
INEC confirmed that it has launched a thorough investigation into the matter. Preliminary findings, however, indicate that the data in question was accessed using valid login credentials assigned to officials participating in the ongoing voter registration exercise, rather than through any external cyberattack.
According to the Commission, authorized registration officers were granted limited system access strictly for official duties, such as registering new voters and updating records. This access is typically withdrawn at the end of the exercise.
INEC further revealed that it has identified the specific user account involved through its audit trail system, and relevant personnel have been questioned. The Commission emphasized that all departments connected to the incident are cooperating with the investigation.
While reiterating that its ICT infrastructure remains secure, INEC noted that the issue appears to be a case of internal misuse of authorized access, with information released without proper authorization. The Commission assured the public that appropriate actions will be taken upon conclusion of the investigation.
“The inccident under investigation relates to the retrieval of a specific voter record and does not indicate any compromise of the Commission’s broader voter registration infrastructure or personal data of over 90 million registered voters. The Commission wishes to state categorically that it takes the security, confidentiality and integrity of voter data with the utmost seriousness and remains committed to transparency, institutional integrity, and the protection of voters’ personal information,” the Commission maintained.
