INEC Probes CVR Data Leak as DSS Launches Separate Investigation; Abati Demands Public Explanation From Lere Olayinka

The Independent National Electoral Commission has confirmed it is investigating the alleged misuse of authorised access credentials to its Continuous Voter Registration database, following claims that backend information on a candidate in recent FCT primaries was disclosed without approval.

The probe comes as political commentator Dr Ruben Abati called on the Department of State Services to immediately investigate Lere Olayinka over how he allegedly gained access to the backend server of the INEC portal.

In a statement released Monday, Abati said:

*”The DSS should immediately investigate Lere Olayinka to determine how he gained access to the backend server of the INEC portal. Lere Olayinka must also publicly explain the means by which he accessed the system. Failure to provide a clear and satisfactory explanation should compel INEC to grant equal access to the backend server to all Nigerians, as selective access raises serious concerns about the integrity and transparency of the electoral process.”*
— Dr Ruben Abati

*INEC Confirms Internal Access, Denies External Breach*

In its response, INEC issued a press statement through Mohammed Kudu Haruna, National Commissioner and Chairman of the Information and Voter Education Committee, confirming the Commission had “immediately commenced a thorough investigation to establish the facts surrounding the incident.”

According to INEC, the audit trail has already identified the user account through which the information was accessed. The Commission stated that relevant personnel have been questioned and all units connected with the incident are cooperating.

INEC stressed that preliminary findings indicate “there was no external breach of the CVR database, no hacking incident, and no unauthorised external access to the Commission’s ICT infrastructure.”

Instead, the Commission said the information “was accessed through valid user credentials assigned to personnel participating in the ongoing CVR exercise but released without authority.”

The incident, INEC added, “relates to the retrieval of a specific voter record and does not indicate any compromise of the Commission’s broader voter registration infrastructure or the personal data of over 90 million registered voters.”

*DSS Also Investigating*

INEC further disclosed that the Department of State Services has, “on its own accord, commenced an independent investigation into the matter.” The Commission pledged to cooperate fully with security agencies and said it “will not hesitate to refer any person found culpable for appropriate legal action.”

The Commission explained that authorised INEC Registration Officers are granted controlled access to specific components of the CVR system during the nationwide exercise to register new applicants, process transfers and update voter records. Such access is restricted to official duties only and withdrawn at the conclusion of the exercise.

*Commission Vows Action, Urges Calm*

INEC said it is examining all technical, administrative and operational factors to “establish individual responsibility and determine the circumstances surrounding the use of those credentials and identify any breach of internal access-control protocols before taking appropriate action against anyone involved.”

The Commission urged members of the public and the media to “disregard unfounded speculations while investigations remain ongoing,” adding that it will keep the public informed of final findings and measures taken.

The CVR exercise remains ongoing nationwide.