The Independent National Elec­toral Commission (INEC) has commenced an investigation into the alleged unauthorised access to and disclosure of infor­mation from its Continuous Vot­er Registration (CVR) database, while the Department of State Services (DSS) has also launched a separate probe into the matter.

The development follows re­ports circulating on social media and in sections of the media al­leging that information relating to a candidate who participated in the recent primaries of a polit­ical party in the Federal Capital Territory was obtained from the commission’s voter registration database and subsequently made public.

In a statement issued on Tuesday by the National Com­missioner and Chairman of the Information and Voter Ed­ucation Committee (IVEC), Mo­hammed Kudu Haruna, INEC said it was treating the allega­tions with the seriousness they deserve and had immediately begun a comprehensive inves­tigation to establish the facts surrounding the incident.

“The attention of the Inde­pendent National Electoral Commission (INEC) has been drawn to allegations currently circulating on social media and in some sections of the media regarding the alleged unautho­rised access to the commission’s Continuous Voter Registration (CVR) database and the subse­quent publication of informa­tion on a candidate in the recent primaries of a political party in the Federal Capital Territory,” the statement said.

“The commission takes this allegation seriously and has immediately commenced a thorough investigation to es­tablish the facts surrounding the incident.”

INEC explained that, as part of the ongoing nationwide Con­tinuous Voter Registration ex­ercise, authorised registration officers were granted controlled access to specific components of the CVR system to enable them register new applicants, process requests for transfer of registration and update voter records where necessary.

According to the commis­sion, such access is strictly limited to official duties and is withdrawn at the conclusion of the exercise.

Providing an update on its preliminary findings, INEC disclosed that its audit trail had enabled investigators to identify the user account through which the information in question was accessed.

“The audit trail from the preliminary investigation has enabled the commission to iden­tify the user account through which the information was accessed. Accordingly, relevant personnel have been ques­tioned, and all units connected with the incident are cooperat­ing fully with the investigation,” the commission stated.

It added that investigators were examining all technical, administrative and operational factors connected to the incident in order to determine individu­al responsibility, establish the circumstances surrounding the use of the credentials involved and identify any breach of in­ternal access-control protocols.

Significantly, the commis­sion said its findings so far in­dicate that the incident did not result from a cyberattack or any external compromise of its systems.

“Preliminary findings from the commission’s audit trail so far, however, indicate that there was no external breach of the CVR database, no hacking in­cident, and no unauthorised external access to the commis­sion’s ICT infrastructure. Rath­er, the information in question was accessed through valid user credentials assigned to personnel participating in the ongoing CVR exercise but re­leased without authority.”

The electoral body stressed that the matter under investiga­tion relates only to the retrieval of a specific voter record and should not be interpreted as ev­idence of a wider compromise of the national voter database.

“The incident under investi­gation relates to the retrieval of a specific voter record and does not indicate any compromise of the commission’s broader voter registration infrastructure or the personal data of over 90 mil­lion registered voters,” it said.

The clarification comes amid growing public concern over data protection and cyber­security, particularly as Nigeria continues to deepen the deploy­ment of digital technologies in electoral administration. The CVR database forms a critical component of the country’s electoral infrastructure, con­taining records of millions of registered voters across the federation.

INEC reiterated its commit­ment to safeguarding voter in­formation and preserving pub­lic confidence in the integrity of the electoral process.

“The commission wishes to state categorically that it takes the security, confidentiality and integrity of voter data with the utmost seriousness and re­mains committed to transpar­ency, institutional integrity, and the protection of voters’ person­al information.”

The commission also dis­closed that the DSS had, on its own initiative, commenced an independent investigation into the incident.

“Furthermore, the Depart­ment of State Services (DSS), on its own accord, has commenced an independent investigation into the matter. The commis­sion will continue to cooperate fully with all relevant security agencies and will not hesitate to refer any person found culpable for appropriate legal action.”

INEC urged members of the public and the media to refrain from speculation while investi­gations are ongoing, assuring that its findings and any ac­tions arising from them would be made public in due course.

“Members of the public and the media are therefore urged to disregard unfounded specu­lations while investigations re­main ongoing. The commission will continue to keep the public informed of its final findings and any measures taken in re­sponse to the incident in due course,” the statement added.