Why government is brushing off the CoWIN data leak reports

A recent news flashed that the personal data of thousands of people in India was leaked from a government server that included their personal details, whereas the Ministry of Health and Family Welfare has brushed off allegations that the government's vaccination portal Covid Vaccine Intelligent Network or CoWIN has been hacked.

Whereas, the National Health Authority (NHA) has denied any Covid-related data leak from the Co-WIN portal on a prima facie basis, saying the platform neither collects the address of people nor RT-PCR test results for vaccination, a top official said. This was not the first time that an alleged hack of the CoWIN platform was reported. The question is why the health ministry has immediately downplayed the claim as baseless, although it had tapped the government's counter-hacking body Computer Emergency Response Team to look into the matter.

There have been several media reports claiming that the data stored in the Co-WIN portal has been leaked online. The leaked data reportedly was put on sale on a website called Raid Forums. A post claimed to have personal data of over 20,000 people. The data on that website shows name, age, gender, mobile number, address, date and result of Covid-19 report of accounts.

Cyber Security researcher Rajshekhar Rajaharia also tweeted that personally identifiable information (PII) including name and Covid-19 results are made public through a content delivery network. He has claimed that Google has indexed lakhs of data points from the affected system. Cybercriminals on the dark web had posted the personal data of thousands of people, claiming they were from India. Now the question is when the government has heavily relied on digital technologies in terms of controlling and creating awareness about the Covid-19 pandemic and also its vaccination programme, has the government taken required precautionary measures to keep the data safe and secure?

Several government departments mandate people to use the Aarogya Setu app for Covid-19 related services and information. It is a wake-up call and cautioning people to remain alert from fraud calls, offers related to Covid-19, etc that they may get as their data is being sold in the dark web. It is an absolute fact that the Data sold on the dark web is often exploited by cybercriminals and fraudsters for various kinds of frauds.