The Independent Electoral and Boundaries Commission (IEBC) has refuted claims by police that a fraudster hacked into its database and retrieved personal details from voter registers.
The commission through its chair Wafula Chebukati issued the statement on Sunday following reports that their systems had been hacked.
IEBC said the information was not factual since the register of voters is kept in the Biometric Voter Register (BVR) system hosted on several servers.
The commission also said the BVR system was designed with security features to ensure integrity, confidentiality and high availability.
“The BVR system has been designed to have its own isolated network, set of servers as well as user account directory to ensure integrity, confidentiality and high availability,” the statement read in part.
Read More
IEBC also said the BVR system had never been breached since it was commissioned 8 years ago because its servers are not connected to the internet.
The commission also said its entire internal network is behind a high security firewall.
IEBC said the data in question may have been obtained in a constitutional manner following various entities requests to have the register of voters for particular areas at a fee.
“In accordance with access to information as provided for by the Constitution, the Commission services numerous requests by various entities requiring a register of voters for specific electoral areas. These requests are serviced upon payment of certain fees and in accordance with privacy laws requiring personally identifiable information to be kept confidential,” the statement continued.
IEBC asserted that it has invested highly in the security of its system and assured all Kenyans it was committed to protecting it by ensuring its confidentiality, integrity and availability at all times.
IEBC was reacting to reports by the Directorate of Criminal Investigations (DCI) that a young fraudster hacked into IEBC servers and retrieved a database from a region in Western Kenya and used that information to commit mobile phone fraud.