Statement of Privacy Commissioner Naga on alleged COMELEC hack and data breach

The National Privacy Commission (NPC) issued separate orders to the Commission on Elections (COMELEC), Mr. Art Samaniego Jr., and Manila Bulletin to appear for a clarificatory meeting via teleconference on January 25, 2022 on the alleged hacking and data breach incident involving the COMELEC servers.

On January 8, 2022, the NPC received information from Mr. Samaniego, Technology Editor & IT Head of the Manila Bulletin, regarding a suspected breach on COMELEC servers wherein an estimated 60 gigabytes of data, which possibly contain personal information and sensitive personal information, were allegedly accessed and downloaded by a certain group of hackers.

The NPC’s Complaints and Investigation Division commenced its own independent investigation and issued a notice to COMELEC requiring them to explain the alleged hacking and data breach..

The COMELEC must address the serious allegations made in the Manila Bulletin news report and determine whether personal data were indeed compromised, particularly personal information, sensitive personal information, or data affecting the same, which were processed in connection with the upcoming 2022 national and local elections. COMELEC is also directed to conduct a comprehensive investigation on the matter and submit to the NPC the results thereof no later than January 21, 2022.

Rest assured that the NPC does not tolerate any act in violation of the Data Privacy Act including negligence in implementing organizational, physical, and technical security measures on personal data processing systems, whether in government or private institutions.

Privacy Commissioner