Data breach reports from CoWIN without any basis, clarifies Health Ministry

The Union Health Ministry on Monday said reports claiming breach of data of beneficiaries registered on the CoWIN platform were "without any basis", and that it has requested the country's nodal cyber security agency CERT-In to look into the issue and submit a report.

While asserting that the CoWIN portal is completely safe with adequate safeguards for data privacy, it said an internal exercise has been initiated to review the existing security measures of CoWIN.

There are reports alleging breach of data from the Co-WIN portal of the Union health Ministry, which is repository of all data of beneficiaries who have been vaccinated against COVID19, the health ministry said in a statement.

"It is clarified that all such reports are without any basis and mischievous in nature. Co-WIN portal of Health Ministry is completely safe with adequate safeguards for data privacy," it said.

The ministry, however, said it has requested the Indian Computer Emergency Response Team (CERT-In) to look into the issue and submit a report.

The Minister of State for IT further said the National Data Governance policy has been finalised that will create a common framework of data storage, access and security standards in the country.

"With reference to some alleged Cowin data breaches reported on social media, @IndianCERT has immediately responded and reviewed this," Chandrasekhar tweeted.

A Telegram Bot was throwing up Cowin app details upon entry of phone numbers, he said.

"The data being accessed by bot from a threat actor database, which seems to have been populated with previously breached/stolen data stolen from past. It does not appear that Cowin app or database has been directly breached," the minister said clearing the air.