No Breach of Voter Database, INEC Says Amid CVR Access Controversy

The Independent National Electoral Commission (INEC) has commenced a comprehensive investigation into allegations surrounding the unauthorised access and disclosure of information from its Continuous Voter Registration (CVR) database.

The commission said the probe follows reports circulating on social media and in sections of the media alleging that information relating to a candidate in a recent political party primary election in the Federal Capital Territory was improperly accessed and released.

In a statement issued by the National Commissioner and Chairman of the Information and Voter Education Committee, Mohammed Kudu Haruna, INEC said it had immediately activated internal mechanisms to determine exactly what transpired. According to the commission, preliminary findings indicate that the incident did not result from hacking or any external cyberattack on its systems.

Rather, investigators believe the information was accessed through valid credentials assigned to authorised personnel participating in the ongoing nationwide Continuous Voter Registration exercise. INEC explained that registration officers are granted limited access to specific components of the CVR system to process voter registrations, transfers and record updates as part of their official responsibilities.

Such access, the commission noted, is strictly controlled and intended solely for authorised duties. The commission revealed that its audit trail has already identified the user account through which the information was accessed. Relevant personnel have reportedly been questioned, while departments connected to the incident are cooperating fully with the ongoing investigation.

INEC said it is also reviewing technical, administrative and operational processes to determine whether there was any breach of internal access protocols and to establish individual responsibility where necessary. Importantly, the commission stressed that the incident does not indicate any compromise of the broader voter registration infrastructure.

It further reassured Nigerians that the personal information of more than 90 million registered voters remains secure.

“Preliminary findings indicate there was no external breach of the CVR database, no hacking incident and no unauthorised external access to the Commission’s ICT infrastructure,” the statement noted.

INEC also disclosed that the Department of State Services (DSS) has independently commenced an investigation into the matter. The commission pledged full cooperation with security agencies and vowed to take disciplinary and legal action against any individual found culpable.

While urging the public to avoid speculation, INEC reiterated its commitment to protecting voter data, maintaining transparency and safeguarding the integrity of Nigeria’s electoral processes.

The commission said it would continue to provide updates as investigations progress and promised to make public its final findings upon conclusion of the probe.