Developed by the Government of India, CoWIN was designed to streamline the vaccination process during the COVID-19 pandemic. However, despite its noble intentions, the CoWIN app recently suffered a major data breach, raising concerns about data security and privacy. Let's delve into the details of the incident and its implications.
On June 12th, reports emerged of an alleged data breach in which the private information of lakhs of Indians who had registered on the CoWIN app for Covid-19 vaccination was leaked. A Telegram bot has been giving away names, dates of birth, passport or Aadhaar numbers, and other details provided to the CoWIN app during registration.
According to Newslaundry (an independent news media company), private details such as the passport numbers of Telangana's minister of information and communication technology Kalvakuntla Taraka Rama Rao (popularly known as KTR), DMK MP Kanimozhi Karunanidhi, BJP Tamil Nadu president K Annamalai, Congress MP Karti Chidambaram and former union minister of health Harsh Vardhan of the BJP were available on this bot. They confirmed that all of them had provided their passport numbers for booking their vaccination slots.
However, this is not the first time that such a leak has been reported. In May 2021, reports emerged suggesting that CoWIN had suffered a major data breach, resulting in the exposure of sensitive personal information of individuals registered on the platform. The breach allegedly involved the leak of personal data, including names, addresses, phone numbers, and vaccination status of millions of users. The breach was initially identified by a French security researcher, who discovered a flaw in the CoWIN system that allowed him to extract and download the entire database of registered individuals. The researcher, who goes by the name of Elliot Alderson, shared his findings on social media, sparking widespread concern and raising questions about the security measures employed by the CoWIN app.
Following this data breach, the Indian government acknowledged the incident and assured users that necessary steps were being taken to address the issue. The CoWIN app underwent a security audit, and patches were applied to rectify the vulnerability that led to the breach. Additionally, efforts were made to raise awareness among users about data security and privacy.
This time, however, the Union Ministry of Health and Family Welfare (MoHFW) on Monday dubbed the alleged data breach of Covid-19 vaccine beneficiaries "mischievous in nature", saying that the CoWIN portal is completely safe with adequate safeguards for data privacy. In response to the data leak, Rajeev Chandrasekhar, Union Minister of State for Electronics and IT, said that it does not appear that the CoWIN app or database has been directly breached.