Oppn parties demand inquiry into claims of CoWIN data breach

PTI, Jun 12, 2023, 8:27 PM IST

Representative Image

Opposition parties on Monday demanded an inquiry into claims about breach of data of citizens registered on the CoWIN platform and asked the government to take deterrent action.

The government has termed such reports as ”mischievous” and ”without any basis”, while asserting that the CoWIN portal is completely safe with adequate safeguards for data privacy.

Rajeev Chandrasekhar, the Union Minister of State for Information Technology, said the nodal Indian Computer Emergency Response Team (CERT-In) immediately responded and it does not appear that the CoWIN app or database has been directly breached.

With ref to some Alleged Cowin data breaches reported on social media, @IndianCERT has immdtly responded n reviewed this

✅A Telegram Bot was throwing up Cowin app details upon entry of phone numbers

✅The data being accessed by bot from a threat actor database, which seems to…

— Rajeev Chandrasekhar 🇮🇳 (@Rajeev_GoI) June 12, 2023

Congress leaders alleged it was a case of ”criminal negligence” and asked why the government was sitting on a data protection law.

”In its Digital India frenzy, GoI has woefully ignored citizen privacy. Personal data of every single Indian who got the COVID-19 vaccination is publicly available. Including my own data. Who let this happen? Why is GoI sitting on a data protection law?” Congress MP Karti Chidambaram Minister of Electronics and Information Technology Ashwini Vaishnaw must answer, he said.

In its Digital India frenzy, GoI has woefully ignored citizen privacy. Personal data of every single Indian who got COVID-19 vaccination is publicly available. Including my own data. Who let this happen? Why is GoI sitting on a data protection law? @AshwiniVaishnaw must answer. pic.twitter.com/mlmq0OuRK5

— Karti P Chidambaram (@KartiPC) June 12, 2023

TMC national spokesperson Saket Gokhale also attacked Vaishnaw.

”This is a matter of serious national concern. And predictably, the Minister-in-charge of this is Ashwini Vaishnaw who heads the Electronics, Communications, and IT portfolios in addition to Railways. How long will incompetence of Ashwini Vaishnaw be ignored by PM Modi?” he said.

Congress spokesperson Shama Mohamed claimed the personal information of all Indian citizens, who registered themselves on the CoWIN portal, has been leaked on Telegram.

”This includes their phone numbers, Aadhar and PAN card details. The Modi government has compromised the security and privacy of Indians! This is criminal negligence!” she alleged.

In a statement, the CPI(M) demanded a thorough inquiry.

”This is of serious concern and an infringement of the right to privacy which was declared by the Supreme Court as a fundamental right of all Indians.

”CPIM demands a thorough investigation be conducted and those responsible for such a major breach in the security of personal information of Indians must be identified followed by deterrent action,” the Left party said.

Gokhale claimed that individuals whose personal data has been breached include several opposition leaders like Rajya Sabha MP and TMC leader Derek O’Brien, former Union minister P Chidambaram, Congress leaders Jairam Ramesh and KC Venugopal and Rajya Sabha MPs Sushmita Dev, Abhishek Manu Singhvi, and Sanjay Raut. He also named several journalists.

”Why is the Modi government including Home Ministry not aware of this leak and why haven’t Indians been informed about a data breach?” he said.

Minister Chandrasekhar on Monday said the National Data Governance policy has been finalised that will create a common framework of data storage, access and security standards in the country.

On data breach claims, he said Indian Computer Emergency Response Team (CERT-In) immediately responded and reviewed the matter.

A Telegram Bot was throwing up Cowin app details upon entry of phone numbers, he said.”The data being accessed by bot from a threat actor database, which seems to have been populated with previously breached/stolen data stolen from past. It does not appear that the CoWin app or database has been directly breached,” the minister said.

Reacting to it, Gokhale asked if the minister is ”admitting there was a breach in Cowin in the past and data was stolen” The CoWIN was developed and is owned and managed by the Ministry of Health and Family Welfare.

At present, the Health Ministry said in a statement, individual-level vaccinated beneficiary data access is available at three levels.

”Without OTP, vaccinated beneficiaries’ data cannot be shared to any BOT,” the ministry said.