Bengaluru (Aryavarth): TThe Ministry of Health and Family Welfare in India has issued a statement denying reports of a data breach in the Co-WIN portal, which is used for COVID-19 vaccination registration and data management. According to the ministry, certain social media posts claimed that personal data of vaccinated individuals was being accessed through a Telegram bot by using their mobile number or Aadhaar number. However, the ministry clarified that these reports are baseless and mischievous.
The ministry emphasized that the Co-WIN portal is completely safe and has adequate safeguards for data privacy. They have implemented security measures such as a Web Application Firewall, Anti-DDoS, SSL/TLS, regular vulnerability assessments, and Identity & Access Management. Access to data on the Co-WIN portal is only provided through OTP authentication.
The Co-WIN system is developed and managed by the Ministry of Health and Family Welfare. It is overseen by an Empowered Group on Vaccine Administration (EGVAC), which includes members from the ministry and the Ministry of Electronics and Information Technology (MeitY). The system provides access to vaccinated beneficiary data at three levels: the individual beneficiary dashboard, authorized users (vaccinators), and third-party applications with authorized API access.
The ministry stated that there are no public APIs in the Co-WIN system that allow data to be pulled without OTP authentication. While some APIs have been shared with trusted third parties like the Indian Council of Medical Research (ICMR), these APIs are specific and require authentication. The ministry has requested CERT-In (Indian Computer Emergency Response Team) to investigate the issue and submit a report. Additionally, an internal review of the Co-WIN security measures has been initiated.
In their initial report, CERT-In found that the backend database for the Telegram bot was not directly accessing the Co-WIN database APIs. This suggests that the alleged data breach did not occur through the Co-WIN system.
TMC Leader alleges Co-WIN data leaked online
According to a report from a news agency, Saket Gokhale, a spokesperson for the Trinamool Congress, has alleged a data breach involving the personal information of citizens, including politicians and journalists, who received the COVID-19 vaccine.
Gokhale claimed that personal details such as mobile numbers, Aadhaar numbers, passport numbers, voter IDs, and family member details have been leaked and are freely available. He specifically mentioned the data breach of several opposition MPs, including Derek O'Brien, P. Chidambaram, Jairam Ramesh, K.C. Venugopal, Haribansh Narayan Singh, Sushmita Dev, Abhishek Manu Singhvi, and Sanjay Raut. Gokhale also mentioned the alleged breach of senior journalists' data, including Rajdeep Sardesai, Barkha Dutt, Dhanya Rajendran, and Rahul Shivshankar.
Gokhale questioned the Modi government about the leak, considering their claims of following strong data security practices. He criticized the government for not being aware of the breach and not informing the public about it. He further questioned who has been given access to sensitive personal data such as Aadhaar and passport numbers. Gokhale expressed serious concern about the issue and raised questions about the competence of Ashwini Vaishnaw, the minister in charge of the Electronics, Communications, and IT portfolios, as well as Railways.
Get our Digital Edition at Rs 1100 per year. 51% used for Gau Seva, 49% used for our operations. Subscribe here - http://pages.razorpay.com/TAVEDE
