CoWIN data breach: Oppn parties demand probe

Opposition parties urged the government on Monday to take preventative measures and called for an investigation into allegations of a breach of citizen data stored on the CoWIN platform.

The government has referred to these reports as "mischievous" and "without any basis," while claiming that the CoWIN portal is entirely secure and has sufficient data privacy precautions.

Rajeev Chandrasekhar, the Union Minister of State for Information Technology, said the nodal Indian Computer Emergency Response Team (CERT-In) immediately responded and it does not appear that the CoWIN app or database has been directly breached.

Congress leaders alleged it was a case of "criminal negligence" and asked why the government was sitting on a data protection law.

"In its Digital India frenzy, GoI has woefully ignored citizen privacy. The personal data of every single Indian who got the Covid-19 vaccination is publicly available. Including my own data. Who let this happen? Why is GoI sitting on a data protection law?" Congress MP Karti Chidambaram

Minister of Electronics and Information Technology Ashwini Vaishnaw must answer, he said.

Congress leaders alleged it was a case of "criminal negligence" and asked why the government was sitting on a data protection law.

TMC national spokesperson Saket Gokhale also attacked Vaishnaw.

"This is a matter of serious national concern. And predictably, the Minister-in-charge of this is Ashwini Vaishnaw who heads the Electronics, Communications, and IT portfolios in addition to Railways. How long will the incompetence of Ashwini Vaishnaw be ignored by PM Modi?" he said.

Congress spokesperson Shama Mohamed claimed the personal information of all Indian citizens, who registered themselves on the CoWIN portal, has been leaked on Telegram.

"This includes their phone numbers, Aadhar and PAN card details. The Modi government has compromised the security and privacy of Indians! This is criminal negligence!" she alleged.

In a statement, the CPM demanded a thorough inquiry.

"This is of serious concern and an infringement of the right to privacy which was declared by the Supreme Court as a fundamental right of all Indians.

"CPIM demands a thorough investigation be conducted and those responsible for such a major breach in the security of personal information of Indians must be identified followed by deterrent action," the Left party said.

Gokhale claimed that individuals whose personal data has been breached include several opposition leaders like Rajya Sabha MP and TMC leader Derek O'Brien, former Union minister P Chidambaram, Congress leaders Jairam Ramesh and KC Venugopal and Rajya Sabha MPs Sushmita Dev, Abhishek Manu Singhvi, and Sanjay Raut. He also named several journalists.

"Why is the Modi government including Home Ministry not aware of this leak and why haven't Indians been informed about a data breach?" he said.

Minister Chandrasekhar on Monday said the National Data Governance policy has been finalised that will create a common framework of data storage, access and security standards in the country.

On data breach claims, he said Indian Computer Emergency Response Team (CERT-In) immediately responded and reviewed the matter.

A Telegram Bot was throwing up Cowin app details upon entry of phone numbers, he said."The data being accessed by bot from a threat actor database, which seems to have been populated with previously breached/stolen data stolen from past. It does not appear that the CoWin app or database has been directly breached," the minister said.

Reacting to it, Gokhale asked if the minister is "admitting there was a breach in Cowin in the past and data was stolen"

The CoWIN was developed and is owned and managed by the Ministry of Health and Family Welfare.

At present, the Health Ministry said in a statement, individual-level vaccinated beneficiary data access is available at three levels.

"Without OTP, vaccinated beneficiaries' data cannot be shared to any BOT," the ministry said.

With PTI inputs