Someone got into the Commission of Elections' database last March and recently dumped the contents onto the internet for everyone to see. This exposed the personal information of around 55 million registered Filipino voters. Remember 2014’s The Fappening? Yeah, it’s not so fun now that it’s you who’s vulnerable.
As with any security breach, it is not recommended to proliferate the damage by sharing links to the source or its many copies. Unfortunately, a lot of people still posted the link on social media, citing good intentions, cracking wise, or just to get a discussion going in their Facebook timelines.
This data leak is as huge as it is embarrassing with the information being unencrypted. Not many countries have to deal with this catastrophic level of security failure involving personal data, but here we are, more fun. If you were quick you probably got the chance to see the website live and perhaps, with some hesitation, did a search on yourself.
There they are. Your address. Your passport details. Your real hair and eye colors. Your marital status, cheater! Some alphanumeric values are also showing up as “fingerprint data,” though there aren’t any images included. So many attributes of your life once crammed into a database only the government could access and interpret, now out there for every criminal and aspiring criminal to see.
Suddenly, all those stories of identity theft that happened to a friend of a friend are coming back to haunt you.
Should you really worry about this massive data leak? Yes, you should.
We asked IT expert Marie Ricana if this event warrants national panic. "Unless you have a stalker, you are an unlikely target for identity theft," she tells us. She adds that there shouldn’t be any reason to worry about our fingerprints being replicated and used by "fake voters" come election day, as the actual fingerprint images are likely in another database.
Marie’s advice is to take personal action with things we can control. That includes changing passwords if they reflect any data contained in the leak, and being vigilant with our financial accounts. These are the aspects of any person’s life that are vulnerable and commonly targeted.
Before you retreat all the way into the panic room, know that there are still ways to protect yourself. Keep in mind that right at this moment, it’s unlikely that someone has hatched an elaborate plan to steal your identity for whatever reason. Breathe. Then do the following:
Stop The Spread
Discourage friends and family from checking out and linking to the site. Though sharing may be caring, this increases the risk of more people accessing sensitive data.
Review Your Passwords
Do they contain the name of your street or numbers such as birthdays? You’d be able to sleep better if you change your passwords into a bunch of random characters. This goes for your online banking accounts, e-mail addresses, and social media accounts. Key tip: Turn on 2-Factor authentication for critical accounts. Usually, this involves getting a second passcode texted to your mobile number whenever you try to sign in.
Watch Out For Fraud Attempts
The leak does not contain any financial data, but people with malicious intent can get creative with any personal information that falls into their hands. Sign up for notifications for when a transaction is made on your credit card. Scrutinize your bank statements and call the bank immediately if you suspect any fraudulent transactions.
Watch Out For Phishing
Start combing through your e-mail for phishing attacks. Start to show mistrust on all things that ask for your “mother’s maiden name.” Unless you requested it, a website will rarely ask your security questions. One way to verify the legitimacy is to always look at the URL. If a page is trying to ask your Gmail security questions and the URL is something other than google.com, then it must be a load of hooey.
So, should you still worry about this massive data leak? Yes, you should.
This data leak of epic proportions shows how lax the COMELEC has been in terms of securing voters’ personal data. The government has yet to take action regarding the compromised information, particularly for the passport and biometric data.
With the elections coming, it’s as if there are dots that are connecting themselves. Hopefully we can elect candidates who can help keep this from happening in the future. It’s just going to be hard to do that if we can’t trust the voting system to stay secure.
Photos from prontoconsumatore.it, diepresse.com, securityintelligence.com