INEC Identifies Staff Member in Voter Data Leak as DSS Opens Separate Investigation

INEC Identifies Staff Member in Voter Data Leak as DSS Opens Separate Investigation

The Independent National Electoral Commission (INEC) has confirmed that a staff member with authorized access to its Continuous Voter Registration (CVR) database is under investigation over the alleged unauthorized disclosure of a voter’s personal record linked to a candidate in a recent political party primary election in the Federal Capital Territory (FCT).

The electoral commission disclosed this on Tuesday amid growing public concern over reports that sensitive voter information had been accessed and circulated outside official channels, sparking questions about the security of Nigeria’s voter database.

In a statement issued by the National Commissioner and Chairman of the Information and Voter Education Committee, Mohammed Kudu Haruna, INEC said preliminary findings from its internal investigation indicate that the incident did not result from a cyberattack, hacking operation, or any external compromise of its information technology systems.

According to the commission, an extensive audit trail review revealed that the voter information was accessed using valid login credentials assigned to personnel participating in the ongoing Continuous Voter Registration exercise.

“Preliminary findings from the Commission’s audit trail so far indicate that there was no external breach of the CVR database, no hacking incident, and no unauthorized external access to the Commission’s ICT infrastructure. Rather, the information in question was accessed through valid user credentials assigned to personnel participating in the ongoing CVR exercise but released without authority,” Haruna stated.

INEC explained that registration officers involved in the nationwide CVR exercise are granted restricted and monitored access to specific sections of the database to perform official functions, including voter registration, transfers, corrections, and updates. Such access, the commission said, is time-bound, supervised, and subject to withdrawal once the exercise concludes.

The commission disclosed that its digital audit system successfully traced the access to a specific user account, enabling investigators to identify the individual involved. Officials said the staff member and other relevant personnel have already been questioned and are cooperating fully with investigators.

READ ALSO:

• VIDEO: Four Killed, Several Injured as Gunmen Attack Soludo Aide’s Convoy
• NUT, ANCOPSS Lead Nationwide Protest Over Abducted Ogbomoso Pupils, Teachers
• ICE Arrests African Migrant Who Claimed to Be Gay for Asylum, Then Married Sheriff’s Daughter

INEC added that a broader review of its technical, administrative, and operational safeguards is currently underway to determine whether internal security protocols were violated and whether additional personnel may have played a role in the unauthorized disclosure.

The commission stressed that the incident involved only a single voter record and should not be interpreted as a compromise of the national voter database. According to INEC, the personal data of more than 90 million registered voters remains secure and unaffected.

“The incident under investigation relates to the retrieval of a specific voter record and does not indicate any compromise of the Commission’s broader voter registration infrastructure,” the statement emphasized.

The controversy emerged after screenshots allegedly containing confidential voter registration details surfaced online and were linked to a candidate who participated in a recent party primary election in the FCT. The disclosure generated widespread debate on social media, with some commentators alleging that INEC’s database had been hacked.

However, the commission insisted that its findings so far point to an internal misuse of authorized access rather than any breach of its cybersecurity architecture.

In a significant development, INEC confirmed that the Department of State Services (DSS) has opened a separate investigation into the matter. According to the commission, the DSS initiated its inquiry independently and has begun gathering evidence to establish the circumstances surrounding the disclosure.

INEC said it is providing full cooperation to the security agency and has made relevant records available to investigators. The commission also assured Nigerians that any individual found culpable would face disciplinary measures and possible legal consequences in line with applicable laws and regulations.

The electoral body further reiterated its commitment to protecting voter information and maintaining public confidence in Nigeria’s electoral process. It noted that safeguarding citizens’ personal data remains a critical component of its digital transformation and election management strategy.

As investigations continue, INEC has urged members of the public, political stakeholders, and media organizations to avoid speculation and allow investigators to complete their work.

The commission promised to make public the outcome of both its internal review and the DSS investigation, including any disciplinary actions, reforms, or corrective measures that may arise from the findings.

The incident has once again highlighted growing concerns over data privacy, insider threats, and cybersecurity within public institutions, with observers calling for stronger access controls, enhanced monitoring systems, and stricter accountability mechanisms to prevent similar occurrences in the future.

INEC Identifies Staff Member in Voter Data Leak as DSS Opens Separate Investigation