CoWIN vaccination data out, Centre denies breach
Red Book
Red Book

GS Advance Program for UPSC Mains 2025, Cohort - 1 Starts from 24th October 2024 Click Here for more information

Source: The post is based on the article “CoWIN vaccination data out, Centre denies breach”  published in The Hindu on 13th June 2023

What is the News?

The Ministry of Health and Family Welfare has said that reports of data breach of beneficiaries who received COVID vaccination are without any basis and mischievous in nature.It said that CoWIN platform is completely safe with adequate safeguards for data privacy.

What is the CoWIN Platform?

Click Here to read

What has happened to the CoWIN Platform?

It has been reported that an automated account on messaging platform Telegram was allegedly sharing sensitive personal information of Indian citizens who signed up for the CoWIN portal for their Covid-19 vaccination.

This information included the Aadhaar and passport numbers of the persons who had signed up for the portal.

The alleged leak could impact more than 100 core individuals who have secured vaccinations after signing up through the CoWIN portal.

This includes more than 4 crore children between the age of 12-14 and over 37 crore people over the age of 45, a significant part of which could be senior citizens.

What is the Centre’s defence in this case?

There are only three ways in which data on CoWIN can be accessed:

– Firstly, a user can access their data on the portal through a one-time password (OTP) sent to their mobile number.

– Secondly, a vaccinator can access the data of a person, and the CoWIN system tracks and records each time an authorized user accesses the system

– Thirdly, third-party applications that have been provided authorized access to CoWIN APIs can access personal level data of vaccinated people after OTP authentication.

Without OTP it is not possible to access data: The government claims that without an OTP, data cannot be shared with the Telegram bot.

On database accessed by Telegram bot: The govt clarified that data being accessed by the bot from a threat actor database seems to have been populated with previously breached/stolen data. The database was other than CoWIN.

Print Friendly and PDF
Blog
Academy
Community