Union Health Ministry Says No CoWin Data Breach
New Delhi: The Centre today denied reports of a data breach involving users enrolled on the Health Ministry’s CoWin site. Union Minister Rajeev Chandrasekhar has guaranteed that the CoWin app, which stores COVID-19 vaccination data, “does not appear to have been directly breached.”
The statement came after reports earlier in the day revealed a breach, giving access to specific personal information provided by an individual on the government’s immunisation portal.
In a tweet, the Minister of State for IT said that “previously stolen data” was apparently accessed by a Telegram (online message programme) bot. “When phone numbers were entered, a Telegram Bot displayed Cowin app details.” The data was obtained by bot from a threat actor database, which appeared to be loaded with previously stolen data, he said.
Mr. Chandrasekhar also stated that the National Data Governance policy has been finalised, which would establish a national framework for data storage, access, and security regulations.
According to reports and social media posts, details such as a person’s phone number, gender, ID card information, date of birth, Aadhaar last four digits, and the name of the centre where the vaccine was taken were also published on the channel.
These reports have been labelled “mischievous” and “without any basis” by the government, and the situation has being reviewed by the country’s nodal cyber security agency, CERT-In. It ensured that the information in the portal is entirely secure.
“Without OTP, vaccinated beneficiaries’ data cannot be shared with any BOT,” according to the Health Ministry.
According to reports and social media posts, details such as a person’s phone number, gender, ID card information, date of birth, Aadhaar last four digits, and the name of the centre where the vaccine was taken were also published on the channel.
It is made clear that all such reports have no substance and are malicious in nature. The Health Ministry’s Co-WIN portal is totally secure, with necessary measures for data privacy.
Furthermore, security mechanisms such as Web Application Firewall, Anti-DDoS, SSL/TLS, frequent vulnerability assessment, Identity & Access Management, and so on are in place on the Co-WIN site. Only OTP authentication-based data access is available. All precautions have been taken, and continue to be taken, to protect the security of the data in the CoWIN site.
YOU MIGHT ALSO LIKE
Trending Searches Today | Union Health Ministry Says No CoWin Data Breach