The Independent National Electoral Commission has launched an investigation into the alleged misuse of authorised access credentials and the unauthorised disclosure of information obtained from its Continuous Voter Registration (CVR) database.
The electoral body disclosed this in a statement issued on Tuesday following widespread public concern over the publication of information relating to a candidate who participated in a recent political party primary election in the Federal Capital Territory.
According to INEC, preliminary findings from its ongoing investigation indicate that there was no external breach of its voter registration database, no hacking incident and no unauthorised access to the Commission’s Information and Communication Technology (ICT) infrastructure.
Rather, the Commission said the information in question was accessed using valid user credentials assigned to personnel involved in the ongoing nationwide Continuous Voter Registration exercise but was subsequently released without authorisation.
INEC revealed that an audit trail conducted as part of its investigation has already identified the specific user account through which the information was accessed.
The Commission stated that relevant personnel connected to the account have been questioned and that all units associated with the incident are cooperating fully with investigators.
“As part of the ongoing Continuous Voter Registration exercise nationwide, authorised registration officers were granted controlled access to specific components of the CVR system to enable them perform official duties. Such access is restricted and withdrawn at the conclusion of the exercise,” the Commission explained.
INEC further noted that investigators are examining all technical, administrative and operational aspects of the matter to determine individual responsibility and establish whether internal access-control protocols were breached.
The Commission emphasized that the incident relates only to the retrieval of a specific voter record and does not suggest any compromise of the broader voter registration infrastructure or the personal data of more than 90 million registered voters.
Reaffirming its commitment to data security, INEC said it remains dedicated to safeguarding the confidentiality, integrity and protection of voters’ personal information.
The Commission also disclosed that the Department of State Services has independently commenced an investigation into the matter and assured the public of its full cooperation with security agencies.
INEC warned that anyone found culpable after the conclusion of investigations would face appropriate disciplinary and legal action.
The controversy emerged after information relating to a voter record surfaced online, triggering debates over data privacy, access to electoral records and the protection of citizens’ personal information.
The Commission urged Nigerians to avoid speculation while investigations remain ongoing, assuring that its final findings and any consequential actions will be made public in due course.
The statement was signed by Mohammed Kudu Haruna, National Commissioner and Chairman of the Information and Voter Education Committee (IVEC), on behalf of the Commission.
