The government has dismissed claims of a data breach on the CoWIN portal as “mischievous” and assured that the platform is safe with adequate data privacy safeguards. The country’s nodal cyber security agency, CERT-In, has reviewed the matter and stated that it does not appear that the CoWIN app or database has been directly breached. The Union Health Ministry has initiated an internal exercise to review existing security measures. However, opposition parties have demanded an inquiry into the data breach claims and criticized the government for not implementing a data protection law. Congress MP Karti Chidambaram raised concerns about citizen privacy and called for a high-level judicial probe into the government’s data management apparatus. Refuting the reports, Union Minister Rajeev Chandrasekhar explained that a Telegram Bot was accessing data from a previously breached/stolen database, not directly from the CoWIN app or database. The health ministry clarified that the reports of data breach were baseless and stated that the CoWIN portal is completely safe with measures like web application firewall, vulnerability assessment, and OTP authentication-based access. It emphasized that data cannot be shared without OTP, and certain claims about the bot accessing additional personal information were unfounded. The CoWIN system tracks and records user access, and the development team confirmed that no public APIs allow data retrieval without OTP. Some APIs have been shared with trusted parties like ICMR for data sharing, but access is limited and closely monitored.
Post Your Comments