The Independent National Electoral Commission (INEC) has launched a comprehensive investigation into serious allegations concerning unauthorized access to its Continuous Voter Registration (CVR) database. This inquiry follows the recent circulation of sensitive information pertaining to a candidate who participated in a political party primary election held in the Federal Capital Territory (FCT). The Commission, in a statement released on Tuesday by its National Commissioner and Chairman of the Information and Voter Education Committee, Mohammed Kudu Haruna, addressed the growing concerns fueled by social media and media reports regarding the alleged breach.

Preliminary findings from INEC's internal investigation indicate a critical distinction: there was no external breach of the CVR database, no hacking incident, and no unauthorized access to its ICT infrastructure from outside the organization. Instead, the Commission discovered that the information in question was accessed through valid user credentials. These credentials had been legitimately assigned to personnel actively participating in the ongoing nationwide voter registration exercise, but the subsequent release of the accessed information occurred without proper authorization.

Upon identifying the irregularity, INEC promptly initiated a thorough investigation. Preliminary audit trail findings proved instrumental, quickly enabling the Commission to pinpoint the specific user account through which the information was accessed. In a testament to its commitment to transparency and accountability, INEC reported that relevant personnel have been questioned, and all units connected to the matter are providing their full cooperation to the investigators.

The electoral body further elaborated on its internal access protocols, explaining that authorized registration officers are granted strictly controlled access to specific components of the CVR system. This access is solely intended to facilitate new voter registrations, transfers, and updates during the ongoing exercise and is rigorously confined to official duties. Crucially, such access privileges are designed to be withdrawn at the conclusion of the registration exercise.

INEC emphasized that its investigation is meticulously examining all technical, administrative, and operational factors linked to the incident. The objective is to firmly establish responsibility, determine the exact manner in which the credentials were utilized, and ascertain whether any internal access-control protocols were breached. The Commission also sought to reassure the public that this incident involved the retrieval of a single, specific voter record and does not, in any way, suggest a broader compromise of the wider voter registration infrastructure or the personal data of the more than 90 million registered voters.

Reiterating its unwavering commitment to safeguarding voter information and upholding the integrity of its electoral systems, INEC stressed that the security, confidentiality, and integrity of voter data remain its paramount priority. In a move to ensure a thorough and multi-faceted inquiry, the Commission also disclosed that the Department of State Services (DSS) has commenced its own separate investigation into the matter, with INEC pledging its full cooperation with all security agencies involved. The Commission affirmed that anyone found culpable in this incident will face appropriate legal action, underscoring its zero-tolerance policy for misuse of its systems.

Finally, INEC urged members of the public and the media to exercise caution and refrain from speculation while investigations are underway. The Commission provided an assurance that its final findings and any corrective or punitive measures taken will be made public in due course, reinforcing its dedication to transparency and accountability.