Bare ‘Comeleak’ probe findings


    MALACAÑANG on Friday called on the Commission on Elections (Comelec) to release the results of an internal investigation into the data heists that resulted in the theft of over 55 million personal records from the poll body’s website.

    In a statement, Presidential Communications Secretary Martin Andanar said the so-called “Comeleak,” the massive breach in the Comelec database before the 2016 elections, should not be downplayed.

    “The Comeleak has been described as one of the worst breaches of a government-controlled database. Thus, it is an issue that simply cannot be swept under the rug,” Andanar said.

    “We exhort that Comelec release a report of an investigation it conducted on the data leak, if any, to maintain the credibility of the constitutional body and uphold the integrity of the electoral process,” he added.

    The Palace official issued the call following the recommendation of the National Privacy Commission (NPC) to file criminal charges against Comelec Chairman Andres Bautista and the poll body itself for the theft of millions of voters’ personal records.

    Andanar lauded the commission “for taking the side of the people whose privacy has been violated.”

    The commission found Bautista criminally liable for the cybersecurity breach, and guilty of “gross negligence” for his failure to establish a data protection policy that could have prevented the hacking.

    “Comelec should come clean and hold itself accountable for the millions of data that became susceptible to risks such as identity theft and fraud,” Andanar said.

    “Let us put an end to election-related maneuverings and ensure that any attempt to subvert the people’s will, no matter how sophisticated, will not succeed,” he added.

    Bautista, in a statement on Thursday, denied the accusations against him and the Comelec even as he vowed to contest the ruling.

    “With all due respect to the NPC membership, we believe that the NPC decision was based on the misappropriation of several facts, legal points and material contexts,” he said.

    Bautista maintained that the Comelec did due diligence in protecting its data even before the hacking of its website in March 2016, by following generally accepted standards and international best practices with regard to its technology-related activities and services.

    He questioned as well the decision pointing to him as solely responsible for the data breach, saying “these are matters that are best left to information technology [IT] experts.”

    “Unlike the NPC, which is run by IT practitioners, the Comelec en banc is currently managed by seven lawyers. Hence, we rely on our IT Department for expert advice on website/data security and privacy and IT-related matters,” he said.


    Please follow our commenting guidelines.


    1. Comeleak is the sole responsible for the data lost thru hackers… It is on his jurisdication. NEGLIGENCE on his duties and responsbilities.. This is the bottom line. Mr. Bautista dont make it complicated..Huag mo nang gaguhin ang mamayan, tulad ng amo mo rin stupid…Hindi kami ipinanganak kahapon…You should be dealth accordingly for negligence etc…Your better resign…

    2. What a cop-out! Saying that he relied on his IT department for expert advice and it wasn’t his fault. I guess he never heard that the boss is responsible to make sure everything is done correctly. What he is really saying is that he did not know and was not qualified to do the job.

    3. I cannot, for the life of me, fathom how this hacking incident could be construed as an “election-related maneuvering.” Oops ! Is the slip showing? Is there somebody interested in the position of Chairman Bautista? There seems to be a lot of politicking going around. Let us leave this meek, mild-mannered, decent, hardworking, honest and bright lawyer alone.

    4. Leodegardo M. Pruna on

      If Mr. Bautista has nothing to hide, he should release whatever result of Comelec’s investigation on the matter has been gathered. He cannot simply say that they (Comelec and Chairman) were victims. The victims have the duty to investigate and report the matter to authorities which could help it solve the issue. Non-action is tantamount to guilt by omission.As a matter of fact. Mr. Bautista and company are guilty of “GROSS NEGLIGENCE” because what happened caused millions of registered voters to become victims of unscrupulous individuals who may abuse the information they have for their own greed. God save the Philippines.

    5. Yes Comelec has an IT Dept which reports directly to the Executive Director who had been practically running the entire Comelec operations show since the time of Chairman Melo – when the series of questionable automated elections really started. Upkeep of the Voters Database, the only other equally Agency-mission-critical component as voting automation, was relegated to the back-burner between 2004 to-date or a bit more than 12 years since its massive build-up began, starving the project of compellingly necessary funds while billions and billions were poured into the voting automation automation with excessively sweet deals with Smartmatic. Real cleansing of the database via fingerprint- matchjing technology has is not even been satisfactorily completed up to now when it started since 2009 or 7 years ago. Funds needed to up the skills of the IT people were not granted including technical training of the people running the Data Center such as mandatory managementt and technical expertise on Information Security. So the Chairman CORRECT in shouting “Why (just) me ?” . While he has command responsibility the rest down the line from the Executive Director to the IT Director to the Data Center Manager, the Database Administrator and the Information Security Officer, if there is such person, are the ones directly responsible and should be prosecuted as well.