The Independent National Electoral Commission (INEC) has commenced an investigation into allegations of unauthorised access to its Continuous Voter Registration (CVR) database following the circulation of voter information linked to a candidate who participated in a recent political party primary election in the Federal Capital Territory (FCT).
In a statement issued on Tuesday, the electoral umpire said it was taking the allegations seriously and had already begun a comprehensive probe to establish the circumstances surrounding the incident.
According to the Commission, preliminary findings from its audit trail indicate that there was no external breach of its database infrastructure and no evidence that hackers gained access to its systems. Instead, the information was allegedly accessed using legitimate credentials assigned to personnel involved in the ongoing nationwide Continuous Voter Registration exercise.
“The Commission takes this allegation seriously and has immediately commenced a thorough investigation to establish the facts surrounding the incident,” INEC said in the statement signed by Mohammed Kudu Haruna, National Commissioner and Chairman of the Information and Voter Education Committee (IVEC).
INEC explained that as part of the ongoing CVR exercise, authorised registration officers were granted controlled access to specific components of the registration system to facilitate the enrolment of new voters, process transfer requests and update voter records where necessary.
The Commission stressed that such access is strictly limited to official duties and is withdrawn once the registration exercise concludes.
Providing an update on the probe, INEC disclosed that its preliminary audit trail had enabled investigators to identify the user account through which the information was accessed.
“The audit trail from the preliminary investigation has enabled the Commission to identify the user account through which the information was accessed. Accordingly, relevant personnel have been questioned, and all units connected with the incident are cooperating fully with the investigation,” the statement read.
INEC further revealed that investigators are examining the technical, administrative and operational dimensions of the incident to determine how the information was retrieved and released, identify any violations of internal access-control protocols and establish individual responsibility.
While concerns have been raised about the security of voter data, the Commission sought to reassure Nigerians that the incident did not amount to a compromise of its broader voter registration infrastructure.
“Preliminary findings from the Commission’s audit trail so far, however, indicate that there was no external breach of the CVR database, no hacking incident, and no unauthorised external access to the Commission’s ICT infrastructure. Rather, the information in question was accessed through valid user credentials assigned to personnel participating in the ongoing CVR exercise but released without authority,” INEC stated.
The Commission emphasized that the matter under investigation relates only to the retrieval of a specific voter record and does not suggest any wider exposure of personal data belonging to the country’s registered voters.
“The incident under investigation relates to the retrieval of a specific voter record and does not indicate any compromise of the Commission’s broader voter registration infrastructure or the personal data of over 90 million registered voters,” the statement added.
INEC reiterated its commitment to safeguarding voter information and maintaining confidence in Nigeria’s electoral system.
“The Commission wishes to state categorically that it takes the security, confidentiality and integrity of voter data with the utmost seriousness and remains committed to transparency, institutional integrity, and the protection of voters’ personal information,” it said.
In a significant development, the Commission disclosed that the Department of State Services (DSS) has independently launched its own investigation into the matter.
“Furthermore, the Department of State Services (DSS), on its own accord, has commenced an independent investigation into the matter. The Commission will continue to cooperate fully with all relevant security agencies and will not hesitate to refer any person found culpable for appropriate legal action,” INEC said.
The electoral body subsequently urged Nigerians and media organisations to refrain from speculation while investigations are ongoing, assuring the public that it would disclose its final findings and any disciplinary or legal measures arising from the probe.
The incident comes at a politically sensitive period as parties continue preparations for the 2027 general elections, placing renewed focus on data security, electoral integrity and the protection of voter information within Nigeria’s electoral system.
