Trinamool Congress MP Derek O’Brien has filed a case over reports of a leak of confidential and sensitive data stored in the CoWIN portal, India Today reported on Thursday. He claimed that the reported data breach was a 'deep-rooted conspiracy' involving 'high-ranking public servants, government authorities and other unknown persons'. He said the breach "poses a direct threat to the functioning of the various organs of the different government organizations".
"A deep-rooted conspiracy is at play which involves high-ranking public servants, government authorities, and other unknown persons who have divulged sensitive data concerning the citizens and, in the process, allowed personal data theft to private entities," the TMC leader said in his complaint to the Lalbazar Cyber Police Station in Kolkata.
"The news about yesterday's data breach on Telegram is only the tip of the iceberg and it remains to be investigated as to how far and how deep such data has been divulged to private entities, both within India as well as to foreign players."
Earlier this week, some people claimed that data from the CoWIN portal, which was launched to facilitate the registration and scheduling of Covid vaccines, was available online for all to access. Responding to the claims, Union Minister of State for Electronics and Information Technology Rajeev Chandrasekhar said that a Telegram Bot was throwing up CoWIN app details upon entry of phone numbers.
"The data being accessed by a bot from a threat actor database, which seems to have been populated with previously stolen data stolen in the past. It does not appear that CoWin app or database has been directly breached," the minister said.
The Union Health Ministry dismissed as "mischievous" the claims of a data breach on the platform and said the matter had been reviewed by the country's nodal cyber security agency CERT-In. In its statement, the health ministry said there was no basis for the reports alleging the breach of data from the CoWIN portal, which is the repository of all data of beneficiaries who have been vaccinated against Covid.
"It is clarified that all such reports are without any basis and mischievous. The CoWIN portal of the Health Ministry is completely safe with adequate safeguards for data privacy," it said, adding that the security measures are in place on the portal with a web application firewall, regular vulnerability assessment, and identity and access management. "Only OTP authentication-based access of data is provided. All steps have been taken and are being taken to ensure the security of the data in the CoWIN portal," the ministry said. "CERT-In in its initial report has pointed out that the backend database for the Telegram bot was not directly accessing the APIs of the CoWIN database," the statement said. It said certain Twitter users have claimed the personal data of individuals who have been vaccinated is being accessed using a Telegram (online messenger application) Bot. It is reported that the bot has been able to pull individual data by simply passing the mobile number or Aadhaar number of a beneficiary, the ministry said.
(With inputs from PTI)