Northeast India’s Only English and Hindi Satellite News Channel

CoWIN data leak: Centre says portal completely safe, reports of leak ‘mischievous’

First Published: 12th June, 2023 18:07 IST

There are some media reports claiming the breach of data of beneficiaries who have received COVID vaccination in the country, on some social media platforms

The Centre on Monday said that the CoWIN portal of the Health Ministry is completely safe with adequate safeguards for data privacy and termed the media reports claiming breach of data of beneficiaries who have received COVID vaccination in the country as “mischievous in nature”.

There are some media reports claiming the breach of data of beneficiaries who have received COVID vaccination in the country, on some social media platforms. These reports allege a breach of data from the Co-WIN portal of the Union Health Ministry, which is repository of all data of beneficiaries who have been vaccinated against COVID19, the statement said.

Certain posts on the social media platform Twitter have claimed using a Telegram (online messenger application) BOT, the personal data of individuals who have been vaccinated is being accessed. It is reported that the BOT has been able to pull individual data by simply passing the mobile number or Aadhaar number of a beneficiary.

According to the statement, it is clarified that all such reports are without any basis and mischievous in nature. The CoWIN portal of the Health Ministry is completely safe with adequate safeguards for data privacy. Furthermore, security measures are in place on the Co-WIN portal, with Web Application Firewall, Anti-DDoS, SSL/TLS, regular vulnerability assessment, Identity & Access Management etc. Only OTP authentication-based access to data is provided. All steps have been taken and are being taken to ensure the security of the data in the CoWIN portal.

COWIN was developed and is owned and managed by MoHFW. An Empowered Group on Vaccine Administration (EGVAC) was formed to steer the development of COWIN and for deciding on policy issues. The former CEO National Health Authority (NHA), chaired EGVAC which also included members from MoHFW and MeitY, the statement added.

Co-WIN data access – At present individual level vaccinated beneficiary data access is available at three levels, as below:

Beneficiary dashboard- The person who has been vaccinated can have an access to the Co-WIN data through use of registered Mobile number with OTP authentication.

Co-WIN authorized user- The vaccinator with use of authentic login credential provided can access personal level data of vaccinated beneficiaries. But the COWIN system tracks & keeps record of each time an authorized user accesses the COWIN system.

API based access – The third party applications who have been provided authorised access of Co-WIN APIs can access personal level data of vaccinated beneficiaries only through beneficiary OTP authentication.

Telegram BOT –
Without OTP vaccinated beneficiaries’ data cannot be shared to any BOT.

Only Year of Birth (YOB) is captured for adult vaccination but it seems that on media posts it has been claimed that BOT also BOT mentioned date of Birth (DOB).

There is no provision to capture address of beneficiary.

The development team of COWIN has confirmed that there are no public APIs where data can be pulled without an OTP. In addition to the above, there are some APIs that have been shared with third parties such as ICMR for sharing data. It is reported that one such API has a feature of sharing the data by calling using just a mobile number of Aadhaar. However, even this API is very specific and the requests are only accepted from a trusted API that has been white-listed by the Co-WIN application, the statement further said.

Union Health Ministry has requested the Indian Computer Emergency Response Team (CERT-In) to look into this issue and submit a report. In addition, an internal exercise has been initiated to review the existing security measures of CoWIN.

CERT-In in its initial report has pointed out that the backend database for the Telegram bot was not directly accessing the APIs of the CoWIN database. (ANI)

Also Read: Dutch YouTuber vlogs about attack by “angry man” in Bengaluru market; street vendor arrested

COMMENTS

Leave a Reply

Your email address will not be published. Required fields are marked *

WE RECOMMEND

Banner
Parliament 2024 Winter Session: Both Houses adjourned, to meet again on Wednesday

Earlier today, INDIA bloc leaders of both houses held a meeting at the office of Rajya Sabha leader of Opposition, Mallikarjun Kharge.

25th November 2024
Banner
Dharamshala: Tibetan Monk Transforming Lives of Slum Children Helping Them Through Higher Studies

The monk has changed the lives of hundreds of slum children who, until they met him, were either ragpickers or used to beg on the streets.

25th November 2024
Banner
Parliament Winter Session: Nirmala Sitharaman to Move Bills to Amend Banking Laws

Union Railways Minister Ashwini Vaishnaw will move the Railways (Amendment) Bill, further to amend the Railway Act, 1989.

25th November 2024
Banner
Asom Gana Parishad lauds PM Modi’s leadership as BJP-led Mahayuti sweeps Maha polls

The BJP saw a fabulous strike rate with the party winning 133 of the 148 seats it contested in Maharashtra.

24th November 2024
Banner
Wayanad bypolls: Priyanka Gandhi Vadra leads with 5,672 votes; CPI, BJP candidates trail in 2nd, 3rd spots

If Priyanka Gandhi wins from Wayanad, she will be the third person from the Gandhi family to enter Parliament.

23rd November 2024