- June 12, 2023
Minister Says No CoWin Data Breach, Explains What Really Happened
New Delhi:
The Centre today dismissed reports claiming a breach of data of people registered on the CoWin portal of the Health Ministry. Union Minister Rajeev Chandrasekhar has assured that the CoWin app – a repository of COVID-19 vaccination data – “does not appear to be directly breached”.
The clarification came after reports earlier in the day suggested a CoWin data breach, reportedly allowing access to certain personal information that an individual gave on the government’s portal for vaccination.
The Minister of State for IT, in a tweet, explained that “previously stolen data” was seemingly accessed by a Telegram (online messenger application) bot. “A Telegram Bot was throwing up Cowin app details upon entry of phone numbers. The data was being accessed by bot from a threat actor database, which seems to have been populated with previously stolen data,” he said.
With ref to some Alleged Cowin data breaches reported on social media, @IndianCERT has immdtly responded n reviewed this
✅A Telegram Bot was throwing up Cowin app details upon entry of phone numbers
✅The data being accessed by bot from a threat actor database, which seems to…
— Rajeev Chandrasekhar 🇮🇳 (@Rajeev_GoI) June 12, 2023
Mr Chandrasekhar further said the National Data Governance policy has been finalised that will create a common framework of data storage, access and security standards in the country.
“With reference to some alleged CoWin data breaches reported on social media, @IndianCERT has immediately responded and reviewed this,” he tweeted.
According to reports and posts circulating on social media, information including a person’s phone number, gender, ID card information, date of birth, last four digits of Aadhaar, as well as the name of the centre where the vaccine was received were also leaked on the channel.
The government has termed these reports “mischievous” and “without any basis”, and that the matter has been reviewed by the country’s nodal cyber security agency CERT-In. It assured that the data in the portal is completely safe.
“Without OTP, vaccinated beneficiaries’ data cannot be shared to any BOT,” the Health Ministry said.
The CoWin was developed and is owned and managed by the Ministry of Health and Family Welfare. An Empowered Group on Vaccine Administration (EGVAC) was formed for steering the development of COWin and for deciding on policy issues.