The Independent National Electoral Commission (INEC) says it has launched an investigation into allegations of unauthorised access to its Continuous Voter Registration (CVR) database following the circulation of information relating to a candidate who participated in a recent political party primary in the Federal Capital Territory.
In a statement signed by the Chairman of the Information and Voter Education Committee, Mohammed Kudu Haruna, on Tuesday, the commission said preliminary findings showed that the information was accessed using valid credentials assigned to personnel involved in the ongoing voter registration exercise and not through any external cyberattack.
INEC said it became aware of allegations circulating on social media and in parts of the media suggesting that its CVR database had been compromised and that information from the system had been improperly disclosed.
According to the commission, authorised registration officers participating in the nationwide CVR exercise were granted controlled access to specific sections of the database to register new voters, process transfer requests and update voter records. It stressed that such access is strictly limited to official duties and is revoked once the exercise ends.
The electoral body disclosed that its audit trail had enabled investigators to identify the user account through which the information was accessed, adding that relevant personnel had been questioned while all units connected to the incident were cooperating with the investigation.
INEC said it was examining technical, administrative and operational aspects of the matter to determine whether internal access-control protocols were breached and to establish individual responsibility before taking appropriate action.
The commission, however, maintained that there was no evidence of an external breach of its database, hacking incident or unauthorised access to its wider information and communications technology infrastructure.
“Rather, the information in question was accessed through valid user credentials assigned to personnel participating in the ongoing CVR exercise but released without authority,” the statement said.
INEC further stated that the incident involved the retrieval of a specific voter record and did not suggest any compromise of its broader voter registration infrastructure or the personal data of more than 90 million registered voters.
The commission reaffirmed its commitment to safeguarding voter information, saying the security, confidentiality and integrity of voter data remain a top priority.
It also disclosed that the Department of State Services (DSS) had independently commenced an investigation into the matter and assured that it would cooperate fully with security agencies.
INEC urged the public and the media to avoid speculation while investigations continue, promising to make its findings and any subsequent actions public once the probe is concluded.
