The Independent National Electoral Commission (INEC) has launched an investigation into allegations of unauthorized access to its Continuous Voter Registration (CVR) database following the publication of information relating to a candidate who participated in a recent political party primary election in the Federal Capital Territory (FCT).
In a statement issued on Tuesday, the Commission said it had taken the allegations seriously and immediately commenced a comprehensive investigation to establish the circumstances surrounding the incident.
INEC explained that as part of the ongoing nationwide CVR exercise, authorized Registration Officers were granted controlled access to specific sections of the CVR system to enable them register new voters, process transfer requests, and update voter records. The Commission emphasized that such access is strictly limited to official duties and is revoked once the exercise concludes.
According to INEC, preliminary findings from its audit trail have identified the user account through which the information was accessed. Relevant personnel have since been questioned, while all departments connected to the incident are cooperating with investigators.
The Commission stated that it is examining the technical, administrative, and operational aspects of the case to determine individual responsibility, establish how the credentials were used, and identify any breach of internal access-control procedures before taking appropriate disciplinary measures.
However, INEC disclosed that initial findings indicate there was no external breach of its CVR database, no hacking incident, and no unauthorized access to its ICT infrastructure.
Rather, the information was reportedly accessed using valid credentials assigned to personnel involved in the ongoing voter registration exercise and was subsequently released without authorization.
The electoral body further clarified that the incident under investigation concerns the retrieval of a specific voter record and does not suggest any compromise of its wider voter registration infrastructure or the personal data of more than 90 million registered voters nationwide.
