Cyber Incident Victim: Commission on Elections
Date: Mar 2016
Location: Philippines
Summary
A database breach at the Philippine Commission on Elections, attributed to Anonymous and LulzSec Pilipinas, exposed personal information of all 55 million registered voters. The attackers aimed to pressure the commission into activating security features on vote-counting machines ahead of national elections. Compromised data included sensitive personally identifiable information such as fingerprints, passport details of overseas voters, and administrative account credentials of officials, stored in plaintext. Contrary to initial claims by the affected organization, analysis confirmed the exposure of high-risk data, enabling potential threats like phishing, business email compromise, blackmail, and extortion targeting the impacted individuals.
Description
On March 27, 2016, the Philippine Commission on Elections (COMELEC) suffered a major cybersecurity breach when the hacktivist group Anonymous compromised its website. The attackers publicly disclosed the intrusion to pressure COMELEC into activating security features on vote-counting machines ahead of the national elections scheduled for May 9, 2016. Days after the initial compromise, a second group identifying as LulzSec Pilipinas exfiltrated and published the entire COMELEC database online. This database contained records on approximately 55 million individuals, representing every registered voter in the Philippines at the time. COMELEC initially downplayed the severity of the breach, asserting that no sensitive information had been exposed in the incident.

Analysis by Trend Micro’s Philippine threat research team contradicted COMELEC’s assessment, confirming the exposure of massive quantities of sensitive voter data. The leaked information included 15.8 million fingerprint records, 1.3 million records of overseas Filipino voters containing passport numbers and expiration dates, and administrative credentials for COMELEC officials. Additionally, the dump contained candidate information for all individuals who had run for office since 2010. Trend Micro verified that critical data elements like passport details and fingerprints were stored in unencrypted plaintext formats, making them immediately exploitable. The firm warned that the exposed Personally Identifiable Information (PII) created significant risks of phishing campaigns, business email compromise (BEC) fraud, blackmail, and extortion targeting affected voters. With 55 million records compromised, the breach exceeded the scale of the 2015 U.S. Office of Personnel Management incident, which impacted 21 million individuals, establishing it as one of the largest government data exposures publicly documented at the time.
