DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Data leak enough to impeach Comelec execs – lawyers

Posted on April 23, 2016 by Dissent

As bad as the Mexican voter database leak may seem, the hack and data dump affecting over 55 million Filipino voters is much worse, in my opinion. Not only was more sensitive information involved – including passport information and fingerprints – but the data were freely available to an untold number of parties who may have downloaded it.

Now some lawyers are suggesting that not only should the hackers be prosecuted criminally (one suspect has already been arrested and has reportedly confessed), but the heads of COMELEC should be held accountable by impeachment.

Michael Bueza reports that lawyer Toby Purisima said that under Section 2, Article XI of the Constitution, betrayal of public trust is one of the grounds for impeachment of the chairman and commissioners of constitutional commissions like the Comelec.

Purisima said that this hacking and the ensuing data leak falls under the catch-all definition of “betrayal of public trust.”

According to Purisma and fellow lawyer Regie Tongol, COMELEC, as the controller of personal information, may also be made accountable for the data leak under the following laws:

  1. Republic Act (RA) 10173 or the Data Privacy Act, for failing to protect data from unlawful access
  2. RA 6713 or the Code of Conduct and Ethical Standards for Public Officials, for negligence in protecting voters’ data
  3. Section 3(e) of RA 3019 or the Anti-Graft and Corrupt Practices Act for “causing any undue injury” to voters

There is also an accessory penalty under the Data Privacy Act of disqualification from running for public office that would be imposed on concerned Comelec officials, if found guilty.

Under the same law, the Comelec can also be charged for downplaying the incident and the concealment of the security breach or by not informing the voters immediately of the release of their personal information

Read more on Rappler.

Well, lawyers say a lot of things, but will heads really roll over this breach? We’ve seen the head of OPM here resign after the massive hack of that agency. But impeachment of the heads of federal agencies? Can anyone recall ever seeing that anywhere over a breach? Maybe I need more coffee to remember something that’s not coming to mind right now.

But if the recent massive leaks of government databases should teach us anything other than the need for better infosecurity, they should teach us that government agencies should also have breach notification duties similar to those for businesses.

As an interesting side note, it was the U.S. who helped get the searchable database, wehaveyourdata.com,  down. Camille Diola reports on PhilStar:

Citing the Philippines’s Department of Justice, which oversees the National Bureau of Investigation (NBI) in charge of the hacking probe, Jimenez said the data was preserved by the US DOJ via web security provider CloudFlare and repurchased from domain registrar GoDaddy.

“DOJ [is] currently in the process of requesting for the preserved data on Cloudflare and GoDaddy, through official channels, [and] coordinating with NBI,” Jimenez said in a statement on Twitter.

On Friday afternoon, a review by Philstar.com of the WhoIs domain name registration of the website shows that the site wehaveyourdata.com was successfully reregistered on GoDaddy at 1:56 p.m., Manila time.

Experts say, however, that even with the site taken down, crooks may have already backed up the data and planning on their next moves.

“Taking down the website doesn’t matter. The people who can do damage with the information already [have] the data,” Carlo Ople, managing director of Dentsu Digit, said on Twitter.

The data, meanwhile, are still available on torrent listings for downloading.

Category: ExposureGovernment SectorHackNon-U.S.

Post navigation

← Mexican government responds to data leak of voter information
Tampa International Airport infosecurity breach spurred probe →

2 thoughts on “Data leak enough to impeach Comelec execs – lawyers”

  1. Jordana Ari says:
    April 24, 2016 at 12:47 pm

    I do not understand why so many hackers feel the need to break into databases like these? Is it for the thrill and sensation of a difficult database hack, just to find identities to steal? I do not understand how people can be so plain cruel.

  2. lucifer says:
    April 25, 2016 at 5:48 am

    It’s the incompetence of the government employees.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon
  • US govt login portal could be one cyberattack away from collapse, say auditors
  • Two Men Sentenced to Prison for Aggravated Identity Theft and Computer Hacking Crimes
  • 100,000 UK taxpayer accounts hit in £47m phishing attack on HMRC
  • CISA Alert: Updated Guidance on Play Ransomware
  • Almost one year later, U.S. Dermatology Partners is still not being very transparent about their 2024 breach

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant
  • US State Dept. says silence or anonymity on social media is suspicious

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.