INEC Investigates Voter Data Leak, Identifies User Account Used to Access Record

The Independent National Electoral Commission (INEC) has launched an investigation into the unauthorised release of voter information linked to a candidate who participated in a recent political party primary in the Federal Capital Territory (FCT).

In a statement issued on Tuesday, INEC said it had begun a detailed probe into allegations that information from its Continuous Voter Registration (CVR) database was accessed and published without authorisation.

The commission's National Commissioner and Chairman of the Information and Voter Education Committee, Mohammed Haruna, said the matter was being treated as a priority.

According to INEC, authorised registration officers involved in the ongoing nationwide CVR exercise were granted limited access to parts of the registration system to process voter registration, transfers and record updates. The commission said such access is restricted to official duties and revoked after the exercise.

Haruna disclosed that preliminary audit findings had enabled the commission to trace the account through which the voter information was accessed.

"The audit trail from the preliminary investigation has enabled the Commission to identify the user account through which the information was accessed," the statement said.

INEC added that relevant personnel had been questioned and that departments connected to the incident were cooperating with investigators.

The commission said it was reviewing technical, administrative and operational processes to determine responsibility and establish whether any internal access-control rules were breached.

However, INEC stated that there was no evidence of an external attack on its systems.

"Preliminary findings from the Commission's audit trail so far indicate that there was no external breach of the CVR database, no hacking incident, and no unauthorised external access to the Commission's ICT infrastructure," the statement said.

It explained that the information was accessed using valid credentials assigned to personnel participating in the CVR exercise and was subsequently released without approval.

INEC also stressed that the incident involved a single voter record and did not affect the wider voter registration infrastructure or the personal data of more than 90 million registered voters.

"The incident under investigation relates to the retrieval of a specific voter record and does not indicate any compromise of the Commission's broader voter registration infrastructure or the personal data of over 90 million registered voters," the commission said.

The electoral body reaffirmed its commitment to protecting voter information and maintaining the integrity of its systems.

INEC further revealed that the Department of State Services (DSS) had independently commenced an investigation and pledged full cooperation with security agencies. It added that anyone found culpable would face appropriate legal action.

The development follows controversy surrounding the publication of voter information belonging to actor and politician Emeka Ike.

Ike, who contested the AMAC/Bwari Federal Constituency House of Representatives seat in the FCT under the Nigerian Democratic Congress, accused Lere Olayinka, media aide to FCT Minister Nyesom Wike, of exposing his personal information.

Olayinka had posted screenshots on X showing details of Ike's voter registration history, including his transfer from Imo State to the FCT. The images reportedly contained information such as his application number, voter identification number, registration centre, photograph and application date.

Speaking on Channels Television's The Morning Brief on Tuesday, Ike described the publication of his information as unacceptable and said he was considering legal action.