Exploit: Hacking
Commission on Elections (Comelec): Government Agency
Risk to Business: 1.806 = Severe
Concerns are mounting about the possibility that sensitive voter data has been exposed after an audacious attack on the Commission on Elections (Comelec) of The Philippines. Bad actors breached the system of the Comelec on January 8 and downloaded files that included sensitive information including the usernames and PINS of vote-counting machines (VCM). The cybercriminals made off with an estimated 60 gigabytes of data. Reports say that the stolen data included network diagrams, IP addresses, a list of all privileged users, domain admin credentials, a list of all passwords and domain policies, access to the ballot handling dashboard, and QR code captures of the bureau of canvassers with login and password. The exposure of this data may impact upcoming elections in The Philippines in May.
Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business Government agencies have become juicy targets for cybercriminals looking to score a boatload of sensitive information fast.
Source: Manila Bulletin