‘Very serious’ security breach occurred in Smartmatic ops, says Imee Marcos
MANILA, Philippines — There had been a “very serious” security breach in the operations of Smartmatic allegedly involving one of its employees who had access to confidential information, senators learned on Thursday.
“There indeed was a security breach in the Smartmatic operation,” Senator Imee Marcos, chairperson of the Senate electoral reforms committee, told reporters.
Smartmatic is the provider of elections software to be used on the May 9 polls.
“That appears to be clear and while it is being investigated further by both the NBI (National Bureau of Investigation), the CICC (Cybercrime Investigation and Coordinating Center), the National Privacy Commission and other groups, we have to admit that a very serious breach occurred,” she added.
“It may not be technically hacking. However, we feel that it compromises the processes and operations of Smartmatic in very serious ways,” she further said.
The alleged security breach was divulged to Marcos and fellow senators in an executive session with Commission on Elections (Comelec) officials Thursday morning.
Sen. Imee Marcos presides over the second hearing of the Committee on Electoral Reforms and People’s Participation in Intramuros, Manila, Thursday, March 17, 2022. (Voltaire Fernandez Domingo/ Senate PRIB)
‘Criminal hacking syndicate’
After the executive session, Marcos’ committee held a public hearing, where Senate President Vicente Sotto III moved to authorize the panel to disclose certain details that were discussed during the executive session.
“I think this is part of what we can divulge, merong empleyado ang Smartmatic nilabas yung laptop at hinayaang—well not hack—but hinayaang makopya by a certain group,” Sotto told reporters.
(I think this is part of what we can divulge, there’s an employee of Smartmatic who let the contents of his laptops be copied by a certain group.)
“We may be involved with a criminal hacking syndicate,” Marcos further said.
Marcos, whose brother, former Senator Ferdinand “Bongbong” Marcos Jr., is running for the presidency, cited a Facebook post where various pieces of information, including that of Comelec staff, were released.
“Nasa Facebook e, makikita ninyo sa isang XSOS, na nasa Facebook andun nakalatag kung anu-anong information,” she said.
(It’s on Facebook, from a certain XSOS, it’s on Facebook where various information was laid out.)
Old information
According to Marcos, they were told during the executive session with Comelec officials that some of the information released online was already old.
“Sinasabi nila yung information daw, yung iba bulok na, 2016. May mga personal information, ganun pa man kinakabahan ako kasi may mga procedure ng Smartmatic, ang kanilang mga ledger, may mga picture ng kanilang opisina, may mga contact person sa Comelec pati mga detalye kung sino ang nago-golf at sino ang umiinom ng red wine,” Marcos said.
(They said that some of the information is old, from 2016. There’s personal information, nevertheless, we are concerned because there’s the procedure of Smartmatic, their ledger, photos of their office, the contact persons from Comelec as well as details on who plays golf and drinks red wine.)
“Andun lahat sa Facebook e. Nakakapagtaka e, kaya medyo kinakabahan tayo to that degree the depth and breadth of data that’s being released and is still publicly available as far as we know,” she added.
(It’s all on Facebook. It’s puzzling, that’s why we are kind of nervous to that degree, considering the depth and breadth of data that’s being released and is still publicly available as far as we know.)
‘No personal data breach’
Marcos said they were also told that Smartmatic is already conducting an administrative investigation on the matter.
“Smartmatic claims that they have an administrative investigation ongoing,” she said.
Image from Smartmatic website
Despite this, Smartmatic representative Atty. Christopher Ocampo denied that there had been a “personal data breach” in Smartmatic operations “that could possibly affect the 2022 national and local elections.”
“Gusto lamang po naming klaruhin na hindi po yun totoo,” he told reporters. “Wala pong katotohanan.”
(We just want to clarify that that is not true. There’s no truth to that.)
He said Smartmatic online provides the automated election system but is not involved in the processing or storing of personal data of “any voter” for the 2022 polls.
“Ang Smartmatic po ang kontrata lang po is to provide the automated election system. That’s it. ‘Pag na-provide na po yun, wala na pong kinalaman ang Smartmatic sa pagpapatakbo ng eleksyon,” he added.
(The contract of Smartmatic is to provide the automated election system. That’s it. Once we provide that, Smartmatic no longer has any involvement in the elections.)
