Data leak
Philippine COMELEC Voter Database Leak: 55 Million Registered Voters
Incident Details
On 27 March 2016, hacktivist group LulzSec Pilipinas defaced the website of the Philippine Commission on Elections (COMELEC) and dumped its entire voter database, weeks before the 9 May 2016 Philippine general elections. The leak exposed the personal data of approximately 55 million registered Filipino voters, essentially the entire eligible voting population of the Philippines. A second hacktivist group, Anonymous Philippines, subsequently released the same data in a more searchable format.

The exposed data included names, addresses, birthdays, genders, and biometric data, including fingerprints, for approximately 15.8 million voters who had registered for an automated voting system. Passport numbers were also included for overseas voters. The exposed fingerprint data was particularly concerning because biometric data cannot be changed once compromised. Measured by percentage of national population affected, this was one of the largest government data breaches in history. The breach occurred during the sensitive election period, raising concerns about electoral manipulation and targeted harassment of voters.

The Philippine National Privacy Commission (NPC), established just months before the breach, immediately launched its first major investigation. COMELEC chair Andres Bautista was criticised for initially downplaying the breach. The NPC found COMELEC liable for multiple violations of the Data Privacy Act and ordered it to implement security improvements.
Technical Details
- Initial Attack Vector: Hacktivist group 'LulzSec Pilipinas' defaced the Commission on Elections (COMELEC) website and dumped the entire voter database; a second group called 'Anonymous Philippines' also separately published the database; the initial defacement was carried out by exploiting a vulnerability in the COMELEC website
- Vendor / Product: Philippine Commission on Elections (COMELEC) voter database
Timeline
- 2016-03-27 Breach occurred
- 2016-04-01 Publicly disclosed