By Nkechi Eze
The Independent National Electoral Commission (INEC) has commenced a comprehensive investigation into allegations of unauthorised access to its Continuous Voter Registration (CVR) database following the publication of information relating to a candidate in a recent political party primary election in the Federal Capital Territory.
According to an official signed statement by the National Commissioner and Chairman, Information and Voter Education Committee (IVEC), Mohammed Haruna, the Commission has taken the allegations seriously and immediately initiated steps to establish the facts surrounding the incident.
INEC explained that as part of the ongoing nationwide Continuous Voter Registration exercise, authorised Registration Officers were granted controlled access to specific components of the CVR system to facilitate the registration of new applicants, processing of voter transfer requests and updating of voter records where necessary. The Commission noted that such access is strictly limited to official duties and is withdrawn at the end of the exercise.
The electoral body disclosed that preliminary findings from its audit trail have enabled investigators to identify the user account through which the information was accessed. Consequently, relevant personnel have been questioned, while all units connected to the matter are cooperating fully with the ongoing investigation.
According to the statement, the Commission is examining all technical, administrative and operational aspects of the incident to establish individual responsibility, determine the circumstances surrounding the use of the credentials involved and identify any breach of internal access-control protocols before taking appropriate action.
INEC, however, stated that preliminary findings indicate there was no external breach of its CVR database, no hacking incident and no unauthorised external access to its information and communication technology infrastructure.
Rather, the Commission said the information in question was accessed using valid user credentials assigned to personnel participating in the ongoing voter registration exercise but was subsequently released without authorisation.
The Commission further clarified that the incident under investigation involved the retrieval of a specific voter record and does not suggest any compromise of its broader voter registration infrastructure or the personal data of more than 90 million registered voters nationwide.
Reaffirming its commitment to data protection, INEC stressed that it places the highest priority on the security, confidentiality and integrity of voter information and remains dedicated to transparency, institutional integrity and the protection of personal data.
The Commission also revealed that the Department of State Services (DSS) has independently commenced an investigation into the matter. It pledged full cooperation with security agencies and vowed to ensure that anyone found culpable faces appropriate legal consequences.
INEC urged members of the public and the media to disregard speculation while investigations are ongoing, assuring Nigerians that it will make its final findings and any corrective measures public upon the conclusion of the inquiry.
