Comelec

Comelec: Smartmatic data leak involved firm’s internal activities, not 2022 polls

Dwight de Leon
Comelec: Smartmatic data leak involved firm’s internal activities, not 2022 polls

Nico Villarete/Rappler

'They assured us that the security of the ballot and the configured SD cards were not compromised by that leakage,' says Comelec chief Saidamen Pangarungan
Comelec: Smartmatic data leak involved firm’s internal activities, not 2022 polls

MANILA, Philippines – Top officials of election software provider Smartmatic assured the Commission on Elections (Comelec) in a meeting on Thursday, March 31, that the alleged security breach involved the firm’s internal organization and activities, not the conduct of the 2022 polls.

Comelec chairman Saidamen Pangarungan said on Friday, April 1, that Smartmatic representatives informed him that the employee responsible for the controversy had already been fired.

“They assured us that the security of the ballot and the configured SD cards were not compromised by that leakage,” Pangarungan said during the signing of a memorandum of agreement (MOA) between the Comelec and the Department of Information and Communications Technology (DICT).

Comelec: Smartmatic data leak involved firm’s internal activities, not 2022 polls

“We are waiting for the official report of the National Bureau of Investigation so that we could release our decision in connection with this breach. Smartmatic knows we studied all possible courses of action that Comelec will take against them, if ever,” Pangarungan added in a mix of English and Filipino.

The details disclosed during Thursday’s meeting, as narrated by Pangarungan, are consistent with Smartmatic’s past statements about the data leak, pinning the blame on a rogue employee of the company.

“What the former employee did is wrongdoing completely unrelated to Philippine elections and doesn’t deserve to be called hacking. He downloaded non-sensitive, day-to-day operational materials from a repository readily available to all Smartmatic staff. He then shared it with individuals outside the company, who have attempted to blackmail Smartmatic for money,” the poll automation provider had said in a statement on March 21.

Smartmatic has yet to submit to the Comelec a copy of its internal investigation report, which the poll body demanded from the poll automation contractor.

But Pangarungan said he was clear to Smartmatic: the incident should not be repeated.

“We told Smartmatic that this very unfortunate incident should not happen again. It’s a very small incident that created a lot of ruckus,” Pangarungan added.

Controversy on the alleged security breach reignited after Senate President Vicente Sotto III and Senate electoral reforms panel chairperson Imee Marcos claimed on March 17 that Smartmatic’s system has been compromised, a conclusion that was supposedly established during a closed-door session organized by the Joint Congressional Oversight Committee (JCOC).

That executive session appeared to have dug deeper into a January 10 Manila Bulletin report of an alleged hacking into the Comelec’s servers, with hackers supposedly stealing 60 gigabytes’ worth of sensitive election-related data.

Comelec: Smartmatic data leak involved firm’s internal activities, not 2022 polls

The poll body has since pointed out loopholes in the report, saying the claim that the PINs and passwords of vote-counting machines were stolen by hackers is false because they have yet to be uploaded online.

The Comelec has also assured the public time and again that its infrastructures for the 2022 polls were not hacked. – Rappler.com

Dwight de Leon

Dwight de Leon is a multimedia reporter who covers local government units and the Commission on Elections for Rappler.