Philippine police have arrested one of three individuals suspected of hacking the website of the national election commission (Comelec) at the end of March and exposing the details of over 50 million voters.
The country’s National Bureau of Investigation (NBI) announced the arrest last week, having worked with Comelec and other government agencies on the case, according to the Manila Bulletin.
They’re currently analyzing the computer of the 23-year-old IT graduate, who apparently hails from Sampaloc, Manila.
The man has been named as Paul Biteng, a security researcher listed in Facebook’s Security Hall of Fame and Microsoft’s Security Researcher Acknowledgments page, according to the paper.
He is said to have taken part in the arrest in order to highlight vulnerabilities in the Comelec site, however, Biteng may now face prosecution under the Cybercrime Prevention Law.
The site compromise led to the personal details of up to 55 million Filipinos – all the registered voters in the country – being exposed online.
Security firm Trend Micro claimed at the time that these details included 1.3 million records of overseas Filipino voters, which featured passport numbers and expiry dates.
Also publicly available online were hundreds of thousands of email addresses, plus names, dates of birth, home addresses and job titles.
The breach puts these citizens at increased risk of follow-on phishing attacks and other online scams, and even possible blackmail.
It was reported that Anonymous hackers originally compromised and defaced the Comelec site on 27 March. Then, three days later, a group going by the name 'LulzSec Pilipinas’ stuck the data online.
Comelec has sought to play down the seriousness of the incident, claiming the site that was hacked was not connected to the one used to display any electoral results.
However, Trend Micro confirmed that its own research proved “massive records of PII, including fingerprints data were leaked.”