Smartmatic Admits To Massive Leak

( Last Sunday, the Philippine National Bureau of Investigation (NBI) raided the home of a former Smartmatic employee who allegedly stole a laptop belonging to the country’s automated elections service provider. The employee is suspected of being behind the April 1 data leak of Smartmatic’s system.

According to reports, the Philippine Commission on Elections (Comelec) confirmed the April 1 data breach but said the breach was not related to the upcoming May elections.

Comelec Chairman Saidamen Pangarungan said on April 1 that the breach involved internal data for Smartmatic and the employee had been fired. Panarungan said neither the security of the ballots nor the configured secure digital card was not compromised by the breach.

Pangarungan confirmed that the National Bureau of Investigation was looking into the incident.

And on Sunday, April 10, the NBI raided the home of the Smartmatic employee, Ricardo Argana, in connection with its investigation.

According to the NBI’s chief of cybercrime, Vic Lorenzo, a cell phone, SD cards, and wireless router were recovered from Argana’s room. The stolen Smartmatic laptop was also recovered. However, since the laptop is encrypted the NBI has been unable to conduct a forensic examination.

Lorenzo said Ricardo Argana, who remains at large, would be charged with illegal access and will be assessed as a possible state witness.

The Philippine Senate conducted an investigation into the April 1 incident and concluded that Argana, described as a disgruntled Smartmatic employee, had leaked the company’s non-sensitive and internal operations materials to a hacker group in hopes of blackmailing the company.

Smartmatic maintains that the source code and elections software was rigorously reviewed by Comelec which has denied that the elections system was hacked in the breach. Comelec however, is considering filing charges against Smartmatic over the incident.

A representative from Smartmatic said the upcoming May elections remain “safe and secure,” saying in a statement on April 1 that no information related to the upcoming Philippine elections was compromised in the breach.