Reports Of CoWIN Data Leak 'Mischievous', Platform Safe, Says Health Ministry

Amid reports that personal information of citizens who registered on the CoWIN portal for their Covid-19 vaccination was leaked, the Union Health Ministry on Monday said the platform had adequate safeguards for data privacy.

Calling the reports without any basis and mischievous in nature, the Health Ministry said, "Security measures are in place on CoWIN portal, with Web Application Firewall, Anti-DDoS, SSL/TLS, regular vulnerability assessment, Identity and Access Management etc. Only OTP authentication-based access of data is provided."

The government statement comes after news portal South Asia Index, in a series of tweets, claimed sensitive personal details of politicians, bureaucrats, and others were leaked on messaging platform Telegram.

The leaked data allegedly includes Aadhaar, voter ID, passport numbers and cellphone numbers of those who received Covid-19 vaccines. However, the Telegram account has been inactive since Monday morning.

READ | IT Ministry Probing CoWIN Vaccination 'Data Leak': Reports

The Health Ministry said access to CoWin data was available at three levels -- beneficiary dashboard, authorised user and API-based access. The government made it cleared that without an OTP, the vaccinated beneficiaries' data cannot be shared to any Bot.

The Union Health Ministry has requested the Indian Computer Emergency Response Team (CERT-In) to look into this issue and submit a report.

"An internal exercise has been initiated to review the existing security measures of CoWIN. CERT-In, in its initial report, has pointed out that backend database for Telegram bot was not directly accessing the APIs of CoWIN database," the statement said.

Trinamool Congress leader Saket Gokhale alleged that the leaked data includes the details of Rajya Sabha MP Derek O'Brien, Congress's senior leaders P Chidambaram, Jairam Ramesh and KC Venugopal, Rajya Sabha MPs Sushmita Dev, Abhishek Manu Singhvi, and Shiv Sena's Sanjay Raut.

Gokhale also shared the screenshots of the breach on his official Twitter account. "This is a matter of national concern," he tweeted.