Philippine police have arrested a second man in connection with the major breach of election commission Comelec which exposed the personal details of all the voters in the country.
Joenel de Asis, 23, was cuffed at his home in Muntinlupa City by officers from the National Bureau of Investigation (NBI).
The systems integrator said he wanted to highlight security deficiencies in the Comelec website, according to the Manila Bulletin.
He’s said to have hacked the site and stolen 340GB of data five days before the site was defaced by Anonymous hacktivists, but denies uploading it to the WeHaveYourData.com site.
De Asis, an SI at a semiconductor firm in Muntinlupa, has admitted he belongs to LulzSec Philippines.
It’s thought the hack may have exposed the details of as many as 55 million Filipinos – the entire registered voting population.
As such, its thought to be one of the worst ever government-related data breaches – putting the 21m records obtained in the US OPM hack in the shade.
Details from Comelec have been sparse, but security vendor Trend Micro claimed that included in the data dump are 1.3 million records of overseas Filipino voters, featuring passport numbers and expiry dates.
Also apparently in there are 15.8 million records of fingerprints and a list of people running for office since the 2010 elections.
However, De Asis claimed the massive data breach will not affect the upcoming national election, as the servers running Comelec’s site are separate from those connected to the Vote Counting Machines (VCMs).
The arrest follows that of Anonymous member Paul Biteng last week. Manila-based Biteng is a security researcher listed in Facebook’s Security Hall of Fame and now faces – as presumably De Asis does – prosecution under the Cybercrime Prevention Law.
The breach has put those whose details were exposed at risk of follow-on attacks such as phishing and other online scams.
Attention will now turn to the third person police want in connection with the cyber attack last month.