What to do if your personal information is included in the leaked COMELEC data
If you managed to check the website where the leaked data (search here) from COMELEC and found that your personal information is included, then you could face risk in being targeted to further exposure like identify theft and unauthorized access to personal or financial accounts.
Based on the data that we saw, it is probable to gain access to your online accounts (Facebook, Twitter, etc.), banking accounts, credit card and other related online services.
So what do you do? Here are some tips for you to take in order to mitigate or minimize further exposure:
1) List down all your important online accounts starting with your FB all the way to your Paypal or banking accounts, credit card, postpaid account (Globe and Smart portal) and other services that you regularly use. Make a checklist and go thru them one by one so it’s easier and you will not miss anything later on.
2) Log in to those sites and immediately change your passwords, just to be sure. Most people would have a Facebook account so double check the security settings of your account and hide personal information like mobile number and similar ones. A lot of people also use their emails (GMail, Yahoo) as primary access to other online accounts. Make sure the passwords are harder (alphanumeric, more than 8 characters and use special character) and enable SMS notification.
3) Look for the Security settings and modify your Challenge Questions. Normally you would have your birth date, mother’s maiden name and address as the usual challenge questions, all of which are available in the leaked data from the COMELEC.
Some banks like BDO use personal information when you request for a password reset. In our case, it’s the city I was born I and my mother’s maiden name.
4) Use two-factor authentication. This sends a PIN code to your mobile phone whenever there is a valid access to your account. A lot of sites already has this feature so check it and activate it.
5) Call your credit card company and phone banking company and change some of your old information that was leaked from the COMELEC database. While you can’t change your birth date and mother’s maiden name, perhaps a change of address (to a parent’s address or office address) could minimize the risk.
On top of these, be always on the look out for signs of activity especially in your financial accounts.
In our case, we started with our bank accounts, then postpaid accounts with Globe and Smart (online portal) and then credit card accounts.
Aside from your online accounts there could also be other identity-theft related activities that can expose you. We’ve already heard of unscrupulous individuals scamming telecoms companies by opening postpaid accounts with free devices, people requesting a supplementary credit card account under your name without your approval, and incidents of people getting SSS loans under a stolen identity.
The COMELEC has downplayed the risk of exposure of millions of voters as a result of the leaked data. The repercussions might be far more than what they’d like to admit but the risks are very real.
The least they could do is to swiftly act on a massive information dissemination to all those affected and coordinate with government agencies and financial institutions that could be affected by these leaked data. Those personal data are already out there and there’s nothing we could do but be aware and make the necessary actions to minimize the potential risks and avoid further exposure.