Independent National Electoral Commission: We Asked DSS for Updates on Lere Olayinka INEC Data Leak Investigation. They Have None

Independent National Electoral Commission: We Asked DSS for Updates on Lere Olayinka INEC Data Leak Investigation. They Have None

Unauthorized Voter Data Leak by FCT Minister’s Aide Sparks Investigations in Nigeria

More than three weeks after Nigeria’s Department of State Services (DSS) launched an investigation into the unauthorized disclosure of confidential voter registration data, no updates have been provided. The incident, involving Leke Olayinka, media aide to Federal Capital Territory (FCT) Minister Nyesom Wike, has raised concerns about data security ahead of the 2027 general elections.

On May 30, Olayinka shared screenshots on X (formerly Twitter) containing details from actor-turned-politician Emeka Ike’s voter registration record, sourced from the Independent National Electoral Commission’s (INEC) Continuous Voter Registration (CVR) database. The disclosure prompted immediate scrutiny over INEC’s data access controls.

INEC initially denied a system breach, stating that the data was accessed using valid credentials assigned to an authorized registration officer before being leaked without permission. The commission confirmed that its audit logs identified the specific account used and launched an internal investigation. The DSS and Nigeria Police Force also opened inquiries, with Olayinka summoned for questioning.

Despite public interest, neither INEC nor the DSS has disclosed findings. Legal experts argue the breach violates Nigeria’s Data Protection Act, Cybercrimes Act, and constitutional privacy protections. Festus Ogun, a human rights lawyer, criticized INEC’s internal controls, suggesting some officials may be acting for political interests. He emphasized that the Nigeria Data Protection Commission (NDPC) not the DSS holds statutory authority to investigate and impose sanctions.

Savn Daniel, another legal practitioner, expressed concerns over INEC’s independence, stating the incident undermines public trust in the electoral body. He called for an independent probe, asserting that INEC cannot investigate itself and that liability extends beyond Olayinka to the institution responsible for safeguarding voter data.

The case highlights vulnerabilities in Nigeria’s electoral data security and the need for stronger enforcement against unauthorized disclosures.

Source: https://fij.ng/article/we-asked-dss-for-updates-on-lere-olayinka-inec-data-leak-investigation-they-have-none/

Independent National Electoral Commission cybersecurity rating report: https://www.rankiteo.com/company/independent-national-electoral-commission

"id": "IND1782844321",
"linkid": "independent-national-electoral-commission",
"type": "Breach",
"date": "5/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Voters (specific number '
                                              'unknown)',
                        'industry': 'Electoral Services',
                        'location': 'Nigeria',
                        'name': 'Independent National Electoral Commission '
                                '(INEC)',
                        'size': 'Large',
                        'type': 'Government Agency'}],
 'attack_vector': 'Abuse of Authorized Access',
 'data_breach': {'data_exfiltration': 'Yes (Shared on social media)',
                 'file_types_exposed': 'Screenshots (image files)',
                 'personally_identifiable_information': 'Voter registration '
                                                        'details (name, likely '
                                                        'other PII)',
                 'sensitivity_of_data': 'High (Voter registration details)',
                 'type_of_data_compromised': 'Personally Identifiable '
                                             'Information (PII)'},
 'date_detected': '2024-05-30',
 'date_publicly_disclosed': '2024-05-30',
 'description': 'Leke Olayinka, media aide to Federal Capital Territory (FCT) '
                'Minister Nyesom Wike, shared screenshots on X (formerly '
                'Twitter) containing details from actor-turned-politician '
                'Emeka Ike’s voter registration record, sourced from the '
                'Independent National Electoral Commission’s (INEC) Continuous '
                'Voter Registration (CVR) database. The incident raised '
                'concerns about data security ahead of the 2027 general '
                'elections and prompted investigations by the DSS, Nigeria '
                'Police Force, and INEC.',
 'impact': {'brand_reputation_impact': 'Severe (INEC and Nigerian government)',
            'data_compromised': 'Voter registration data (PII)',
            'identity_theft_risk': 'High',
            'legal_liabilities': 'Potential violations of Data Protection Act, '
                                 'Cybercrimes Act, and constitutional privacy '
                                 'protections',
            'operational_impact': 'Undermined public trust in electoral body',
            'systems_affected': 'INEC Continuous Voter Registration (CVR) '
                                'database'},
 'investigation_status': 'Ongoing (no updates provided)',
 'lessons_learned': 'Vulnerabilities in Nigeria’s electoral data security; '
                    'need for stronger enforcement against unauthorized '
                    'disclosures; concerns over INEC’s independence and '
                    'internal controls.',
 'motivation': 'Political',
 'post_incident_analysis': {'corrective_actions': 'Review and strengthen '
                                                  'access controls; '
                                                  'independent audit of INEC’s '
                                                  'data security practices; '
                                                  'public disclosure of '
                                                  'investigation findings',
                            'root_causes': 'Weak internal access controls; '
                                           'potential political motivations; '
                                           'lack of enforcement of data '
                                           'protection policies'},
 'recommendations': 'Independent probe into the incident; stricter access '
                    'controls for INEC’s voter data; clearer separation of '
                    'duties; enhanced monitoring of authorized users; public '
                    'transparency on investigation findings.',
 'references': [{'source': 'News Article'}],
 'regulatory_compliance': {'legal_actions': 'Potential (under investigation)',
                           'regulations_violated': ['Nigeria Data Protection '
                                                    'Act',
                                                    'Cybercrimes Act',
                                                    'Constitutional privacy '
                                                    'protections'],
                           'regulatory_notifications': 'Nigeria Data '
                                                       'Protection Commission '
                                                       '(NDPC) holds statutory '
                                                       'authority'},
 'response': {'communication_strategy': 'Public statements by INEC; no updates '
                                        'on investigations',
              'containment_measures': 'Audit logs identified the account used; '
                                      'Olayinka summoned for questioning',
              'incident_response_plan_activated': 'Yes (Internal '
                                                  'investigation)',
              'law_enforcement_notified': 'Yes (DSS, Nigeria Police Force)'},
 'stakeholder_advisories': 'Legal experts and civil society organizations have '
                           'called for accountability and transparency.',
 'threat_actor': 'Leke Olayinka (Insider Threat)',
 'title': 'Unauthorized Voter Data Leak by FCT Minister’s Aide',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Weak Internal Access Controls'}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.