The Independent National Electoral Commission (INEC) has launched an investigation into what it describes as the unauthorised disclosure of voter information from its Continuous Voter Registration (CVR) database, insisting there was no external breach of its system.
The commission’s response follows public outrage over the circulation of details belonging to Nollywood actor Emeka Ike, whose voter registration record was shared online amid controversy surrounding his participation in a recent political party primary in the Federal Capital Territory (FCT).
In a press statement issued on Tuesday, INEC said it had “immediately commenced a thorough investigation to establish the facts surrounding the incident” after allegations of unauthorised access surfaced on social media.
The controversy was triggered by a post on X by Lere Olayinka, media aide to the FCT Minister, Nyesom Wike, who published screenshots showing Ike’s voter registration transfer from Imo State to Abuja. The post sparked widespread criticism over possible misuse of restricted electoral data.
INEC, however, moved to allay fears of a cyberattack on its systems, stating that preliminary findings showed no evidence of hacking or external intrusion.
“Preliminary findings from the Commission’s audit trail so far, however, indicate that there was no external breach of the CVR database, no hacking incident, and no unauthorised external access to the Commission’s ICT infrastructure,” the statement read.
Instead, the commission attributed the leak to the misuse of authorised internal access. According to INEC, the information “was accessed through valid user credentials assigned to personnel participating in the ongoing CVR exercise but released without authority.”
INEC explained that, as part of the nationwide CVR exercise, designated registration officers are granted controlled access to specific components of the system strictly for official duties, including registering new voters, processing transfers, and updating records. Such access, it noted, is withdrawn at the end of the exercise.
The commission disclosed that its audit trail had already identified the user account involved in the incident, adding that “relevant personnel have been questioned, and all units connected with the incident are cooperating fully with the investigation.”
It further stated that a comprehensive review of “all technical, administrative and operational factors” is underway to determine individual responsibility and establish whether internal access-control protocols were breached.
While acknowledging the seriousness of the incident, INEC stressed that it was limited in scope and did not compromise the wider voter database.
“The incident under investigation relates to the retrieval of a specific voter record and does not indicate any compromise of the Commission’s broader voter registration infrastructure or the personal data of over 90 million registered voters,” it said.
The electoral body also sought to reassure Nigerians of its commitment to data protection, stating that it “takes the security, confidentiality and integrity of voter data with the utmost seriousness” and remains dedicated to “transparency, institutional integrity, and the protection of voters’ personal information.”
Meanwhile, the Department of State Services (DSS) has commenced a separate investigation into the matter. INEC said it would cooperate fully with security agencies and “will not hesitate to refer any person found culpable for appropriate legal action.”
Amid the fallout, Ike has reportedly threatened legal action, describing the publication of his personal data as “political rascality.”
INEC urged the public and media to exercise restraint while investigations continue, cautioning against speculation.
“Members of the public and the media are therefore urged to disregard unfounded speculations while investigations remain ongoing,” the commission said, adding that it would make its final findings public in due course.
