The Independent National Electoral Commission, INEC, on Tuesday, said it has launched a comprehensive investigation into allegations of unauthorized access to its Continuous Voter Registration, CVR, database.
The Commission, which ruled out external breach of the database, said the probe follows the circulation of voter information linked to a candidate in a recent political party primary election in the Federal Capital Territory, FCT.
INEC said it was treating the matter with utmost seriousness and had already commenced efforts to establish the facts surrounding the incident.
According to a statement issued on Tuesday by the National Commissioner and Chairman of the Information and Voter Education Committee, Mohammed Kudu Haruna, preliminary findings indicate that the incident did not result from any external attack on the Commission’s systems.
Haruna explained that as part of the ongoing nationwide CVR exercise, authorized Registration Officers were granted controlled access to specific sections of the voter registration platform to facilitate the registration of new voters, transfers, and updates of voter records.
He noted that such access is strictly limited to official duties and is withdrawn once the exercise is concluded.
He also disclosed that an audit trail generated during the preliminary investigation enabled the Commission to identify the user account through which the information was accessed.
Consequently, relevant personnel have been questioned, while all departments connected to the matter are cooperating fully with investigators.
The statement said the Commission is examining the technical, administrative and operational circumstances surrounding the incident to determine whether internal access-control protocols were violated and to establish individual responsibility before appropriate disciplinary or legal action is taken.
According to the Commission, evidence gathered so far shows there was no hacking incident, no external breach of the CVR database, and no unauthorized access to INEC’s Information and Communication Technology infrastructure.
Rather, the information was reportedly accessed through valid user credentials assigned to personnel involved in the ongoing voter registration exercise and subsequently disclosed without authorization.
INEC stressed that the incident involved the retrieval of a specific voter record and does not suggest any compromise of the wider voter registration system or the personal data of more than 90 million registered voters nationwide.
While reaffirming its commitment to data protection, the Commission said it remains dedicated to safeguarding the security, confidentiality and integrity of voter information while upholding transparency and institutional accountability.
The statement further revealed that the Department of State Services, DSS, has independently commenced its own investigation into the matter.
INEC pledged full cooperation with security agencies and vowed to ensure that anyone found culpable faces appropriate legal consequences.
The Commission also urged members of the public and the media to disregard speculation and await the outcome of the investigations, assuring Nigerians that it would make its final findings and any corrective measures public in due course.
