ABUJA, NIGERIA — The Independent National Electoral Commission (INEC) is facing intense public scrutiny following allegations that Lere Olayinka, a media aide to Federal Capital Territory (FCT) Minister Nyesom Wike, gained unauthorized access to a restricted backend portal containing sensitive voter data.
The incident has triggered widespread outrage among digital rights advocates, legal experts, and opposition figures, with many calling for an immediate investigation under Nigeria’s cybercrime and data protection laws.
The Controversy: A Leaked Backend Screenshot
The uproar began after Olayinka published a post on social media intended to address a political dispute. The post included a screenshot of a voter’s registration status. However, eagle-eyed internet users quickly noticed that the image originated from a restricted administrative URL: cvradmin.inecnigeria.org.
The portal is a password-protected, internal database used exclusively by INEC administrators to manage Continuous Voter Registration (CVR) and voter transfers. It is not accessible to the general public.
The revelation sparked immediate alarm online, with the Foundation for Investigative Journalism (FIJ) and tech-savvy citizens questioning how a political appointee obtained direct backend access to critical national infrastructure.
Calls for DSS Investigation and Severe Legal Penalties
The incident has led to a chorus of demands for accountability. Prominent public commentators, including veteran broadcaster Dr. Reuben Abati, have called on the Department of State Services (DSS) and police cybercrime units to step in.
Legal analysts note that if Olayinka did access the server without official authorization, the legal ramifications are severe under two primary statutes:
- The Cybercrimes (Prohibition, Prevention, etc.) Act: Under Nigerian law, unauthorized access to critical national information infrastructure carries heavy penalties. Depending on the intent and the level of data compromised, a conviction can yield prison sentences exceeding 10 years without the option of a fine.
- The Nigeria Data Protection Act (NDPA): The unauthorized exposure and distribution of a citizen’s private biographical and registration data violates strict statutory privacy safeguards, exposing both the leaker and the agency to major legal liabilities.
“The integrity of our electoral system relies entirely on the security of its data,” said Abuja-based digital rights attorney Chidi Okechukwu. “If a political aide can access or procure screenshots from the admin backend of INEC, it suggests either a profound insider breach or a catastrophic vulnerability in our national database.”
Counter-Claims: Was it a Leak or a Share?
As the backlash intensifies, defenders and some technical observers have offered alternative explanations for the screenshot:
- Ad-Hoc Personnel Involvement: Some suggest the screenshot may have originated from a low-level INEC ad-hoc staff member or a local registration agent who had legitimate access during a routine voter transfer process.
- Third-Party Sourcing: A prominent defense argues that Olayinka did not personally log into or breach the server. Instead, it is claimed he merely re-posted an image provided to him by a third party or the voter in question to prove a point, unaware of the security implications of the URL displayed at the top.
INEC and Law Enforcement Remain Silent
INEC has not released an official statement clarifying whether its systems were compromised, or if an internal administrative account has been flagged for a data breach. The FCT Minister’s office has also not formally responded to the growing demands for Olayinka’s suspension or questioning.
With public pressure mounting, civil society organizations are warning that a failure to investigate the source of the leak could permanently damage public trust in the biometric integrity of Nigeria’s future elections.
