Was IEBC hacked and voters details stolen? - Wafula Chebukati counters DCI report

Responding to a report filed by the Directorate of Criminal Investigations (DCI), Chebukati assured members of the public that the incident had not occurred.

DCI had reported: "Earlier, the suspects had hacked into the Independent Electoral and Boundaries Commission (IEBC) database, and acquired personal details of 61,617registered voters from a county in western Kenya.

"The data, which was found in his possession, contains names of registered voters, their ID numbers and dates of birth. Using the fraudulently acquired personal details, the suspects then contact different wireless carriers and convince the customer service agents hat they are the true owners of the line. Upon successful SIM swapping, the suspect is granted full access to the victim’s online accounts," DCI reported.

Chebukati stated that the electronic voters register is hosted in different servers which are tough to hack.

"The Commission would like to clarify that this information is not factual. The Commission’s register of voters is kept in a Biometric Voter Registration (BVR) system which is hosted on several servers. The BVR system has been designed to have its own isolated network, set of servers as well as user account directory to ensure integrity, confidentiality and high availability," the Commission chair clarified.

He added that the details acquired by the suspects arrested by DCI may have been accessed through proper channels.

"Since installation and commissioning of the system 8 years ago the BVR system that hosts the register of voters used during elections has never been hacked because the servers are not connected to the open internet. In addition, the rest of the Commissions entire internal network is a high security firewall system," Chebukati explained.

IEBC Chairman Wafula Chebukati IEBC Chairman Wafula Chebukati ece-auto-gen

The Commission Chairperson added that the elections body is bound by the Constitution to provide certain voter details when they are required.

He added that the body disseminates this information as outlined by the country's privacy laws.

"These requests are serviced upon payment of certain fees and in accordance with privacy Laws requiring personally identifiable information to be kept confidential. What is currently being reported in the media is not data obtained through hacking of the BVR system but possibly from entities that may have legitimately obtained from the Commission through formal request and upon payment of requisite fees.

"The Commission invests highly in security of its information assets, including the electoral technologies and would like to assure all Kenyans that it is committed to protecting the same by ensuring their confidentiality, integrity and availability at all times," Chebukati stated.