According to the center, the security portal CoWin describes reports of data leaks as "malicious".
The report revealed that sensitive personal information of several politicians, bureaucrats and individuals - who had registered with CoWIN - were leaked through a Telegram bots account.
The center has ensured that the data of the CoWin portal – the national platform for monitoring Covid-19 vaccinations – is absolutely safe after reports of personal data breaches of people registered on the portal. The reports are "harmful," the center said.
“The Co-WIN portal of the Ministry of Health is absolutely secure with data protection measures.. It only provides access to data based on OTP authentication” Read the press release from the EU Ministry of Health.
Snsitive personal information on politicians, bureaucrats and others was leaked on social media platform Telegram, the South Asia Index-based news site reported in a series of tweets this morning.
The data allegedly leaked includes Aadhaar, voter IDs, passport numbers and mobile phone numbers of people who have received Covid-19 vaccines, the South Asia Index tweeted. "During this serious breach, details of the family members of all Indians vaccinated against COVID-19 were also released," read another tweet...
Just IN:— Major data breach in India;
— South Asia Index (@SouthAsiaIndex) June 12, 2023
Personal data of all vaccinated Indians have been leaked online.
☆ Leaked data has Aadhaar, voter ID, Passport numbers & mobile numbers of Indians who got covid-19 vaccines.
The center listed the security measures in its statement – including “Web application firewall, anti-DDoS, SSL/TLS, regular vulnerability assessment, identity and access management”. The statement also said that the EU Department of Health had asked CERT-In - the government's Computer Incident Response Team - to investigate the matter and submit a report. Shortly thereafter, EU Electronics and Technology Minister Rajeev Chandrasekhar tweeted:
With ref to some Alleged Cowin data breaches reported on social media, @IndianCERT has immdtly responded n reviewed this
— Rajeev Chandrasekhar 🇮🇳 (@Rajeev_GoI) June 12, 2023
✅A Telegram Bot was throwing up Cowin app details upon entry of phone numbers
✅The data being accessed by bot from a threat actor database, which seems to…
The Trinamool opposition Congress said the leaked figures included figures from MP Rajya Sabha and his senior party colleague Derek O'Brien, senior Congress leaders P Chidambaram, Jairam Ramesh and KC Venugopal, Rajya Sabha Deputy Speaker Haribansh Narayan Singh, Rajya Sabha MPs Sushmita Dev, Abhishek Manu Singhvi and Sanjay Raut of Shiv Sena.
He even included screenshots in his tweets.
The Telegram account through which the personal data was provided has been inactive since morning. The bot apparently displayed the person's name, the government-issued ID they used when they were vaccinated, and the location of the vaccination. It also contains date of birth and passport number data of people who have updated their CoWIN for traveling abroad.
CoWIN is integrated with the Aarogya Setu and UMANG applications.UMANG (Unified Mobile Application for New-age Governance) provides a single platform to access eGovernment services across India, from central to local authorities.