Commission on Elections data breach
On March 27, 2016, hackers under the banner "Anonymous Philippines" hacked into the website of the Philippine Commission on Elections (COMELEC) and defaced it. The hackers left a message calling for tighter security measures on the vote counting machines (VCM) to be used during the 2016 Philippine general election on May 9. Within the day a separate group of hackers, LulzSec Pilipinas posted an online link to what it claims to be the entire database of COMELEC and updated the post to include three mirror link to the index of the database's downloadable files. The leaked files by LulzSec Pilipinas amounts to 340 gigabytes.
| Date | March 27, 2016 |
|---|---|
| Location | Philippines |
| Type | Cyber-attack |
| Participants | Anonymous Philippines LulzSec Pilipinas |
| Outcome |
|
| Arrests | Paul Biteng (arrested on April 20) Joenel de Asis (arrested on April 28) |
The COMELEC website returned to normal at 03:15 (PST) on 28 March 2016. COMELEC spokesperson, James Jimenez, stated on his Twitter account that, as they continue to scour the site, all databases would remain temporarily off.
The incident was considered the biggest private data leak in the Philippine history and leaving millions of registered voters at risk.
55 million registered voters are at risk due to the data breach according to security firm, Trend Micro potentially surpassing the Office of Personnel Management data breach which affected 20 million people.
A searchable website, called wehaveyourdata, was set up containing sensitive data on Filipino registered voters was set up as early as April 21. The website was taken down with the assistance of the U.S. Department of Justice since the domain of the website was bought from a US-based web hosting company. The website itself was found to be hosted in Russia.