By 
INEC Confirms Insider Breach of Voter Database
The Independent National Electoral Commission (INEC) has launched a formal investigation into the unauthorised access and disclosure of personal data from its Continuous Voter Registration (CVR) database, raising serious concerns about the integrity of Nigeria’s electoral process and compliance with the Nigeria Data Protection Act (NDPA).
RELATED: INEC moves to prosecute impersonators as forensic probe clears chairman of fake X account
In a statement issued on June 2, 2026, the National Commissioner and Chairman of the Information and Voter Education Committee (IVEC), Mohammed Kudu Haruna, clarified that the incident did not involve external hacking. Rather, preliminary audit findings revealed an insider breach, carried out through the misuse of valid internal credentials assigned to voter registration personnel.
According to Haruna, “The Commission takes this allegation seriously and has immediately commenced a thorough investigation to establish the facts surrounding the incident.”
How the Controversy Emerged
The probe was triggered after sensitive voter registration details belonging to Nollywood actor-turned-politician Emeka Ike surfaced online. The screenshots, allegedly drawn directly from INEC’s restricted administrative portal, were shared on X (formerly Twitter) by Lere Olayinka, a media aide to the Minister of the Federal Capital Territory, Nyesom Wike.
The leaked information was used to question Ike’s eligibility following party primaries for a House of Representatives seat in the FCT. Reacting during an interview on Channels Television, Ike condemned the disclosure as “the height of political rascality” and signalled his readiness to pursue legal action over what he described as a grave violation of his privacy rights.
Implications for Electoral Integrity
While INEC insists the incident involved access to only a single voter record, the political and institutional implications are far-reaching. An insider breach undermines public trust in the neutrality and professionalism of the electoral umpire, particularly ahead of sensitive electoral cycles.
The episode raises questions about:
- Internal control failures within INEC’s digital infrastructure.
- Potential political interference, given the involvement of politically exposed individuals.
- Weaponisation of voter data, which could be used to intimidate candidates or manipulate public perception during primaries and general elections.
For an institution constitutionally mandated to guarantee free, fair, and credible elections, even an isolated breach carries reputational and democratic consequences.
Data Protection Act Under the Spotlight
Beyond electoral integrity, the leak directly tests the enforcement of Nigeria’s Data Protection Act. Voter registration data qualifies as sensitive personal data under Nigerian law, requiring strict access controls, purpose limitation, and accountability.
If proven, the misuse of authorised credentials may expose INEC and individual staff to:
- Regulatory sanctions for failure to adequately safeguard personal data.
- Civil liability for privacy violations.
- Criminal implications if political collusion or malicious intent is established.
The case is likely to set an important precedent on how public institutions handle personal data and enforce accountability under Nigeria’s evolving data protection regime.
National Security and Political Reactions
INEC has confirmed that the Department of State Services (DSS) has initiated a parallel forensic investigation. Authorities are examining whether the breach resulted from negligence, deliberate insider sabotage, or coordinated political action.
Politically, the fallout has intensified. Former Vice President Atiku Abubakar has demanded full disclosure from INEC, questioning how information from a secure electoral database could find its way into the hands of a minister’s aide without systemic failure or complicity.
INEC’s Response and System Reforms
INEC disclosed that its internal audit has already identified the specific user account involved in extracting the data. Affected personnel are undergoing interrogation and disciplinary review, while the commission has announced immediate steps to tighten internal access controls and further restrict administrative privileges.
Although the commission has assured Nigerians that its central database of over 90 million registered voters remains secure, the incident underscores the urgent need for stronger insider-threat mitigation, continuous monitoring, and transparency to restore public confidence.
Data Leak has Profound Implications
The INEC CVR data leak may be isolated in scale, but its implications are profound. It highlights the fragile intersection between technology, politics, and trust, and serves as a critical test case for Nigeria’s commitment to electoral credibility and data protection in the digital age.
