The Independent National Electoral Commission (INEC) has launched an investigation into allegations of unauthorized access to its Continuous Voter Registration (CVR) database following the publication of information relating to a candidate in a recent political party primary election in the Federal Capital Territory (FCT).
In a statement issued on Tuesday, INEC said it became aware of reports circulating on social media and in sections of the media alleging that information from its voter registration database had been improperly accessed and disclosed.
The Commission said it takes the matter seriously and has commenced a thorough investigation to establish the facts surrounding the incident.
According to INEC, authorized Registration Officers participating in the ongoing nationwide CVR exercise were granted controlled access to specific parts of the system to enable them register new voters, process transfer requests, and update voter records. The Commission explained that such access is strictly for official duties and is withdrawn at the end of the exercise.
INEC disclosed that a preliminary audit trail had identified the user account through which the information was accessed. It added that relevant personnel have been questioned and all units linked to the incident are cooperating with investigators.
The electoral body said it is examining the technical, administrative, and operational aspects of the case to determine individual responsibility and identify any breach of internal access-control procedures before taking appropriate action.
However, preliminary findings indicate that there was no external breach of the CVR database, no hacking incident, and no unauthorized access to INEC’s ICT infrastructure from outside the Commission.
Rather, the Commission stated that the information was accessed through valid user credentials assigned to personnel involved in the ongoing voter registration exercise and was subsequently released without authorization.
INEC stressed that the incident concerns the retrieval of a specific voter record and does not suggest any compromise of its wider voter registration infrastructure or the personal data of more than 90 million registered voters.
The Commission reaffirmed its commitment to safeguarding voter information, maintaining institutional integrity, and ensuring transparency in its operations.
INEC also revealed that the Department of State Services (DSS) has independently commenced an investigation into the matter. The Commission pledged full cooperation with security agencies and said anyone found culpable would face appropriate legal action.
The electoral body urged members of the public and the media to disregard speculation while investigations continue, assuring that it would provide updates on its final findings and any measures taken in response to the incident.
