The government denied the claims of the CoWIN data breach in 2021. (File for representation)
News18 could not independently verify the claims and has contacted MiETY and CERT-In. However, reports suggested that this could be due to a security breach related to the CoWIN portal where all these details were available
Personal information of Indians, including their Aadhaar and passport details, phone numbers, date of birth and gender, was available on the Telegram app for some time, according to recent reports and social media posts, pointing to a security breach. On the CoWIN portal where all these details were available.
It was found that if a messenger bot was given a phone number, it delivered all this information including the place where the Covid vaccination was done. Apparently, the bot became inactive this morning. According to reports and screenshots shared on social media, popular celebrities whose data has been leaked include Meenakshi Lekhi, P Chidambaram, KC Venugopal, Veena George, Jairam Ramesh, Kalvakuntla Taraka Rama Rao aka KTR, K Annamalai and Harshvardhan Are included. ,
News18 could not independently verify the claims and has reached out to the Indian Computer Emergency Response Team (CERT-In) along with the Ministry of Electronics and Information Technology (MiETY) for further understanding.
Supreme Court lawyer and cyber security expert Dr. Pawan Duggal called the incident a ‘wake-up call’. “The information which has come out in the public domain has a question mark as such details will not be available in this format. Prima facie it appears to be some kind of data breach.”
“If such data is generated, it clearly shows a connection to the CoWIN database. But only a proper criminal investigation will know whether there was a data breach targeting critical infrastructure or not and CERT-In can also do cyber security analysis,” he said.
What happened in 2021?
In 2021, when reports claimed a possible Cowin data breach, the government denied the claims.
RS Sharma, CEO of the National Health Authority, had confirmed the CoWIN portal, stating that it has state-of-the-art security infrastructure and has never faced a security breach.
“The data of our citizens on CoWIN is absolutely #safe and #secure. Any news about data leak from CoWIN means nothing,” he tweeted.
absolute security a myth
However, Dr Duggal said that absolute protection does not exist and what was safe yesterday may not be safe today or tomorrow. “If an organization says we are 100% secure, it is not correct. But we have to find loopholes that can potentially be exploited by cyber criminals,” he said.
According to the cyber expert, only an investigation can tell whether the latest findings are the result of a new hack or the data breach of 2021, but it is a serious matter. “This data, which includes all kinds of personal details, can be used by other cyber criminals to carry out targeted attacks,” he said.
