IEBC Admits to Selling Data to Third Parties
The Independent Electoral and Boundaries Commission (IEBC) has denied claims made by the police that the body’s servers had been hacked.
In a statement released on social media on Friday, the Directorate of Criminal Investigations (DCI) announced the arrest of a 21-year-old JKUAT student on allegations of defrauding an MPESA agent.
DCI went on to reveal that the suspect and his cronies had allegedly hacked into IEBC servers where they accessed the personal details of 61,617 Kenyans from a county in the western region.
The data included the names, ID numbers, and birth dates which they used to swap the victims’ sim cards.In a rejoinder, IEBC has now denied that such an act could have taken place.
“The Commission’s register of voters is kept in a Biometric Voter Registration (BVR) system which is hosted on several servers,” the statement read in part.
The elections body went on to boast that the servers hosting the BVR system had not been hacked once since its commission 8 years ago as it is not connected to the open internet.
The commission went on to reveal that it sells the data to various entities following Kenya’s privacy laws.
“What is currently being reported in the media is not data obtained through hacking of the BVR system but possibly from entities that may have legitimately acquired from the Commission through formal request and upon payment of requisite fees,” the commission wrote.