CoWIN data leak is the talk for the last two days. Reports said that an automated account on messaging platform Telegram allegedly shared sensitive personal information of Indian citizens — including their Aadhaar and passport numbers — who signed up for the CoWIN portal for their Covid-19 vaccination.
Following the reports, the Health Ministry as well as the IT Ministry refuted the allegation, stressing that nothing has been leaked.
WHJAT THE HEALTH MINISTRY SAID?
The Health Ministry in a statement clarified that all such reports are without any basis and mischievous in nature.
“Co-WIN portal of the Health Ministry is completely safe with adequate safeguards for data privacy,” the Ministry said. It also said that security measures are in place on the Co-WIN portal, with Web Application Firewall, Anti-DDoS, SSL and TLS, regular vulnerability assessment, Identity and Access Management and others. Only OTP authentication-based access to data is provided.
The Ministry the development team of COWIN has confirmed that there are no public APIs where data can be pulled without an OTP.
Moreover, the Ministry requested the Indian Computer Emergency Response Team (CERT-In) to look into this issue and submit a report.
WHAT THE MINISTER FOR IT SAID?
Minister of state for electronics and information technology Rajeev Chandrasekhar said in a tweet that the data being accessed by the bot seems to have been populated with previously stolen data from databases other than CoWin. The government was reviewing the existing security systems of the CoWin portal. It does not appear that the CoWin app or database has been directly breached,” he said. Chandrasekhar said CERT-In, under his ministry that looks into instances of data breaches, immediately responded to the allegations of a data breach, he tweeted.
