DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Data leak enough to impeach Comelec execs – lawyers

Posted on April 23, 2016 by Dissent

As bad as the Mexican voter database leak may seem, the hack and data dump affecting over 55 million Filipino voters is much worse, in my opinion. Not only was more sensitive information involved – including passport information and fingerprints – but the data were freely available to an untold number of parties who may have downloaded it.

Now some lawyers are suggesting that not only should the hackers be prosecuted criminally (one suspect has already been arrested and has reportedly confessed), but the heads of COMELEC should be held accountable by impeachment.

Michael Bueza reports that lawyer Toby Purisima said that under Section 2, Article XI of the Constitution, betrayal of public trust is one of the grounds for impeachment of the chairman and commissioners of constitutional commissions like the Comelec.

Purisima said that this hacking and the ensuing data leak falls under the catch-all definition of “betrayal of public trust.”

According to Purisma and fellow lawyer Regie Tongol, COMELEC, as the controller of personal information, may also be made accountable for the data leak under the following laws:

  1. Republic Act (RA) 10173 or the Data Privacy Act, for failing to protect data from unlawful access
  2. RA 6713 or the Code of Conduct and Ethical Standards for Public Officials, for negligence in protecting voters’ data
  3. Section 3(e) of RA 3019 or the Anti-Graft and Corrupt Practices Act for “causing any undue injury” to voters

There is also an accessory penalty under the Data Privacy Act of disqualification from running for public office that would be imposed on concerned Comelec officials, if found guilty.

Under the same law, the Comelec can also be charged for downplaying the incident and the concealment of the security breach or by not informing the voters immediately of the release of their personal information

Read more on Rappler.

Well, lawyers say a lot of things, but will heads really roll over this breach? We’ve seen the head of OPM here resign after the massive hack of that agency. But impeachment of the heads of federal agencies? Can anyone recall ever seeing that anywhere over a breach? Maybe I need more coffee to remember something that’s not coming to mind right now.

But if the recent massive leaks of government databases should teach us anything other than the need for better infosecurity, they should teach us that government agencies should also have breach notification duties similar to those for businesses.

As an interesting side note, it was the U.S. who helped get the searchable database, wehaveyourdata.com,  down. Camille Diola reports on PhilStar:

Citing the Philippines’s Department of Justice, which oversees the National Bureau of Investigation (NBI) in charge of the hacking probe, Jimenez said the data was preserved by the US DOJ via web security provider CloudFlare and repurchased from domain registrar GoDaddy.

“DOJ [is] currently in the process of requesting for the preserved data on Cloudflare and GoDaddy, through official channels, [and] coordinating with NBI,” Jimenez said in a statement on Twitter.

On Friday afternoon, a review by Philstar.com of the WhoIs domain name registration of the website shows that the site wehaveyourdata.com was successfully reregistered on GoDaddy at 1:56 p.m., Manila time.

Experts say, however, that even with the site taken down, crooks may have already backed up the data and planning on their next moves.

“Taking down the website doesn’t matter. The people who can do damage with the information already [have] the data,” Carlo Ople, managing director of Dentsu Digit, said on Twitter.

The data, meanwhile, are still available on torrent listings for downloading.

No related posts.

Category: ExposureGovernment SectorHackNon-U.S.

Post navigation

← Mexican government responds to data leak of voter information
Tampa International Airport infosecurity breach spurred probe →

2 thoughts on “Data leak enough to impeach Comelec execs – lawyers”

  1. Jordana Ari says:
    April 24, 2016 at 12:47 pm

    I do not understand why so many hackers feel the need to break into databases like these? Is it for the thrill and sensation of a difficult database hack, just to find identities to steal? I do not understand how people can be so plain cruel.

  2. lucifer says:
    April 25, 2016 at 5:48 am

    It’s the incompetence of the government employees.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Integrated Oncology Network victim of phishing attack; multiple locations affected (2)
  • HHS’ Office for Civil Rights Settles HIPAA Privacy and Security Rule Investigation with Deer Oaks Behavioral Health for $225k and a Corrective Action Plan
  • HB1127 Explained: North Dakota’s New InfoSec Requirements for Financial Corporations
  • Credit reports among personal data of 190,000 breached, put for sale on Dark Web; IT vendor fined
  • Five youths arrested on suspicion of phishing
  • Russia Jailed Hacker Who Worked for Ukrainian Intelligence to Launch Cyberattacks on Critical Infrastructure
  • Kentfield Hospital victim of cyberattack by World Leaks, patient data involved
  • India’s Max Financial says hacker accessed customer data from its insurance unit
  • Brazil’s central bank service provider hacked, $140M stolen
  • Iranian and Pro-Regime Cyberattacks Against Americans (2011-Present)

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • On July 7, Gemini AI will access your WhatsApp and more. Learn how to disable it on Android.
  • German court awards Facebook user €5,000 for data protection violations
  • Record-Breaking $1.55M CCPA Settlement Against Health Information Website Publisher
  • Ninth Circuit Reviews Website Tracking Class Actions and the Reach of California’s Privacy Law
  • US healthcare offshoring: Navigating patient data privacy laws and regulations
  • Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
  • Google Trackers: What You Can Actually Escape And What You Can’t

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.