In a recent development, the CoWin portal, India’s Covid-19 vaccination tracking platform, has come under scrutiny following reports of a data breach. Several politicians, bureaucrats, and individuals who had registered on the platform allegedly had their sensitive personal information leaked on the social media platform Telegram. The leaked data reportedly includes Aadhaar numbers, voter IDs, passport numbers, cellphone numbers, and even details of family members.
The Union Health Ministry, responsible for the CoWin portal, has vehemently denied the data breach allegations, referring to them as “mischievous” in a statement. The ministry assures the public that the CoWin portal is completely safe, highlighting the presence of safeguards for data privacy, including OTP authentication-based access. It further stated that security measures such as web application firewall, anti-DDoS, SSL/TLS, regular vulnerability assessment, and identity and access management are in place.
However, data-driven news portal South Asia Index reported a series of tweets claiming the leak of sensitive personal details and criticizing the breach. The leaked information allegedly contains personal data of prominent politicians and bureaucrats, including Rajya Sabha MP Derek O’Brien, senior Congress leaders P Chidambaram, Jairam Ramesh, and KC Venugopal, Deputy Chairman Rajya Sabha Haribansh Narayan Singh, Rajya Sabha MPs Sushmita Dev and Abhishek Manu Singhvi, and Shiv Sena’s Sanjay Raut.
The Telegram account responsible for sharing the personal details has been inactive since the morning, indicating that the data leak may have been halted. The account reportedly displayed individuals’ names, government IDs used for vaccination, vaccination locations, and even passport numbers for those who updated their CoWin records for foreign travel.
The CoWin portal plays a crucial role in India’s vaccination drive against Covid-19 and is integrated with other applications such as Aarogya Setu and UMANG. UMANG, the Unified Mobile Application for New-age Governance, serves as a centralized platform for accessing a wide range of government services. With the integration, concerns are raised not only about the CoWin portal’s security but also the potential risks associated with interconnected platforms.
In response to the data breach, the Union Health Ministry has requested the government’s computer emergency response team, CERT-In, to investigate the matter and submit a report. The investigation aims to shed light on the extent of the breach, identify the perpetrators, and propose additional security measures to prevent future incidents.
As the issue unfolds, it highlights the urgent need for robust data protection measures and stringent security protocols across government platforms. Safeguarding personal information is crucial to maintaining public trust and ensuring the integrity of vital systems such as the CoWin portal. The incident also serves as a reminder for individuals to remain vigilant about their personal data and take necessary precautions when sharing information online.
The Indian government faces the challenge of addressing the concerns raised by the alleged data breach promptly and effectively, while simultaneously strengthening the security infrastructure to prevent such incidents in the future. The outcome of the CERT-In investigation and subsequent actions taken by the authorities will be crucial in restoring public confidence and maintaining the privacy and security of personal data on government platforms.