Read time: 3 minutes

Kenya’s electoral body denies system security breach

Kenya , 19 Jul 2021

Kenya’s Independent Electoral and Boundaries Commission (IEBC) has refuted reports its systems were recently hacked.

An individual is reported to have been taken into custody over the weekend on suspicion of illegally accessing the Commission’s servers and exposing personal information belonging to over 60,000 voters.

Authorities said the suspect was also in possession of SIM cards reportedly linked to a mobile money scam.

However, in a strongly worded statement released to the media, IEBC Chairman Wafula Chebukati, denied that the organisations’ servers were compromised.

“The Commission’s attention has been drawn to information circulating in the media to the effect that a suspect has hacked into the IEBC database and acquired personal details of registered voters. The Commission would like to clarify that this information is not factual.”

“The Commission’s register of voters is kept in a Biometric Voter Registration (BVR) system which is hosted on several servers,” and added that over the past eight years, since the system was put in place, it has never been compromised.

Chebukati explained that those responsible may have sourced data legitimately from the IEBC upon formal request and payment of requisite fees in accordance with the law, and then used the information to breach security.

However, the Directorate of Criminal Investigations (DCI) Kenya stated that IEBC data had been hacked.

It issued a statement which read: “Earlier, the suspects had hacked into the Independent Electoral and Boundaries Commission (IEBC) database, and acquired personal details of 61,617 registered voters from a county in western Kenya.”

It added that “The data, which was found in his possession, contains names of registered voters, their ID numbers and dates of birth. Using the fraudulently acquired personal details, the suspects then contact different wireless carriers and convince the customer service agents that they are the true owners of the line.”

The electoral body has been heavily scrutnised regarding the security of their server infrastructure, particularly during the most recent general election in 2017. Opposition parties had complained that the IEBC systems were compromised, which led to the cancellation of the August 2017 elections and paved the way for a repeat election.

The country is scheduled to conduct its general elections in approximately 12 months. 

Daily newsletter