Health Ministry yet to respond to massive CoWIN data breach

Details from the CoWIN portal, including Aadhaar, passport, gender and date of birth, were leaked online following a data breach. Image for representational purpose only. File | Photo Credit: The Hindu

The Health Ministry is yet to respond to the massive CoWIN (Covid Vaccine Intelligence Network) data breach, which allows access to all the personal details that an individual furnished on the Central Government’s portal in order to receive the vaccine.

What is more worrying is the fact that CoWIN — which serves the function of registration, appointment scheduling, identity verification, vaccination and certification of each vaccinated member — has also been integrated into the Aarogya Setu and UMANG apps.

UMANG (Unified Mobile Application for New-age Governance) is developed by the Ministry of Electronics and Information Technology (MeitY) and the National e-Governance Division (NeGD) to drive mobile governance in India. UMANG provides a single platform for all Indian citizens to access pan-India e-Gov services ranging from Central to local government bodies.

Details of individuals, Opposition leaders leaked

Meanwhile, the current data breach is possible if the mobile number of a person is entered: details such as the identification number of the document submitted for vaccination (Aadhaar, passport, PAN card and so forth), gender, date of birth, and the centre where the vaccine was administered are returned in an instant by the messenger bot in question.

These details could be accessed even if the Aadhaar number was entered instead of the phone number. The passport numbers of those who had updated the CoWIN portal for travel abroad were also leaked.

Details now available in the public domain include those of Ram Sewak Sharma, chairman of the CoWIN high-power panel (the leak gives information on the ID papers submitted for vaccination), senior BJP leader Meenakshi Lekhi and Congress general secretary K.C. Venugopal (the location at which they got vaccinated), and the mode of registration for Kerala Health Minister Veena George.

The Telegram bot (a programme that behaves like a normal chat partner with additional functions) is also giving out the details of individuals and several Opposition leaders, including Rajya Sabha MP and TMC leader Derek O’Brien, former Union Minister P. Chidambaram, Congress leader Jairam Ramesh, Rajya Sabha Deputy Chairman Harivansh Narayan Singh, and Rajya Sabha MPs Sushmita Dev, Abhishek Manu Singhvi and Sanjay Raut, among others.

TMC spokesperson Saket Gokhale accessed the details of several politicians and journalists in an attempt to highlight the lapse. While the bot has now been taken down, there is speculation that it may return.

The CoWIN site provides vaccination certificates to beneficiaries, which acted as vaccine passports during the COVID-19 pandemic and can be stored in DigiLocker. Users can access the platform via desktop, tablet and mobile phone.

While there have been multiple questions about the leaks, health authorities have maintained that CoWIN has a state-of-the-art secure infrastructure, that it has never faced a security breach, and that the data of citizens is absolutely safe.

Meanwhile, this is not the first time that such a leak has been reported. In June 2021, a hacker group named ‘Dark Leak Market’ claimed that it had a database of about 15 crore Indians who registered themselves on the CoWIN portal. Health authorities had rubbished the claims.


