INEC Launches Probe Into Alleged Misuse Of Voter Registration Database Credentials, Says No Hacking Or External Breach Detected

Abuja, Nigeria– The Independent National Electoral Commission (INEC) has announced the commencement of a comprehensive investigation into allegations of unauthorised access to its Continuous Voter Registration (CVR) database and the subsequent publication of information relating to a candidate who participated in the recent primaries of a political party in the Federal Capital Territory (FCT).

In a statement issued on Tuesday, June 2, 2026, INEC said it had taken the allegations seriously and immediately launched an internal investigation to determine the circumstances surrounding the incident.

The statement was signed by Mohammed Kudu Haruna, National Commissioner and Chairman of the Information and Voter Education Committee (IVEC), and dated June 2, 2026.

According to the electoral body, the allegations, which have been circulating on social media and in sections of the media, concern the alleged misuse of authorised access credentials and the unauthorised disclosure of information obtained from the Commission’s CVR database.

INEC explained that, as part of the ongoing nationwide Continuous Voter Registration exercise, authorised Registration Officers were granted controlled access to specific components of the CVR system to carry out official duties, including the registration of new voters, processing requests for transfer of voter registration, and updating voter records where necessary.

The Commission noted that such access is strictly limited to official functions and is withdrawn at the conclusion of the registration exercise.

Providing an update on its preliminary findings, INEC disclosed that its audit trail had already enabled investigators to identify the specific user account through which the information was accessed.

The statement read, “The audit trail from the preliminary investigation has enabled the Commission to identify the user account through which the information was accessed. Accordingly, relevant personnel have been questioned, and all units connected with the incident are cooperating fully with the investigation.”

INEC further revealed that investigators are examining all technical, administrative and operational aspects of the matter to establish individual responsibility, determine how the credentials were used, and identify any violations of the Commission’s internal access-control protocols.

The Commission said the ongoing investigation would help determine the circumstances under which the information was obtained and released, adding that appropriate action would be taken against anyone found culpable.

However, INEC stressed that findings from its preliminary investigation do not point to any cyberattack or compromise of its broader digital infrastructure.

“Preliminary findings from the Commission’s audit trail so far, however, indicate that there was no external breach of the CVR database, no hacking incident, and no unauthorised external access to the Commission’s ICT infrastructure. Rather, the information in question was accessed through valid user credentials assigned to personnel participating in the ongoing CVR exercise but released without authority,” the Commission stated.

The electoral body emphasised that the incident under investigation involved the retrieval of a specific voter record and does not suggest any wider compromise of voter data or the integrity of its voter registration system.

“The incident under investigation relates to the retrieval of a specific voter record and does not indicate any compromise of the Commission’s broader voter registration infrastructure or the personal data of over 90 million registered voters,” INEC added.

Reaffirming its commitment to data protection and electoral integrity, the Commission said it treats the security, confidentiality and integrity of voter information with utmost seriousness.

“The Commission wishes to state categorically that it takes the security, confidentiality and integrity of voter data with the utmost seriousness and remains committed to transparency, institutional integrity, and the protection of voters’ personal information,” the statement noted.

INEC also disclosed that the Department of State Services (DSS) has independently commenced an investigation into the matter.

According to the Commission, the DSS initiated its probe on its own and the electoral body will continue to cooperate fully with security agencies handling the case.

“Furthermore, the Department of State Services (DSS), on its own accord, has commenced an independent investigation into the matter. The Commission will continue to cooperate fully with all relevant security agencies and will not hesitate to refer any person found culpable for appropriate legal action,” INEC stated.

The Commission urged members of the public and media organisations to refrain from spreading unverified claims or speculations while investigations remain ongoing.

“Members of the public and the media are therefore urged to disregard unfounded speculations while investigations remain ongoing. The Commission will continue to keep the public informed of its final findings and any measures taken in response to the incident in due course,” Haruna added.