India’s COVID-19 vaccination program has been one of the largest and most complex in the world, with over 100 million people vaccinated so far. The program’s success is largely due to the CoWIN portal, which manages the registration and scheduling of vaccinations. However, recent reports of data breaches have raised concerns about the security of the personal information of millions of users stored on the platform.
According to reports, personal details of over 100 million users, including their names, Aadhaar numbers, and vaccination status, were exposed in a breach of data from the CoWIN portal of the Union Health Ministry. Cybersecurity experts believe that some form of breach had occurred as the data of users was available on a Telegram bot-run channel. The Union Health Ministry, however, said on Monday that the reports about the breach were without basis and mischievous.
False data dumps are created on the dark web to fraudulently earn money by fraudsters. Having access to the database where all the personal information is stored is another way to get this data. If any unknown identity gets access to the database without any permission, the data is usually hacked. It is possible to fetch the data from CoWIN as the data can be accessed through APIs. Third-party APIs have to be given access and be approved by the data-owing agency before any data sharing happens.
The CoWIN platform was developed and is owned and managed by the Ministry of Health and Family Welfare (MoHFW). All necessary steps have been taken and are being taken to ensure the security of the data in the CoWIN portal. Security measures are in place on the CoWIN portal, including a Web Application Firewall, Anti-DDoS, SSL/TLS, regular vulnerability assessment, Identity and Access Management, etc. According to the Union Health Ministry and cybersecurity experts, the platform is “completely safe.”
The Indian government has set a target of vaccinating 300 million people by August, and the CoWIN portal is critical to achieving that goal. Any breach of personal information could result in a loss of confidence in the platform, making it difficult to achieve the vaccination target.
The latest tweet from the Minister indicated that it used some “previously stolen data.” This could indicate that the breach was more significant than initially reported, and personal information from other sources may have been included in the breach.
Amit Jaju, Senior Managing Director at Ankura Consulting Group (India), highlights the importance of securing personal information. He states that the security measures should be implemented at all levels, including the database, API, and frontend. He also suggests that the government should conduct regular audits of the platform’s security.
Akshara Bassi, Senior Research Analyst at Counterpoint Research, believes that the breach could have a significant impact on the government’s vaccination program. She suggests that the government should take swift action to address any security vulnerabilities and restore confidence in the platform.
The security of personal information is critical, and any breach of data can have severe consequences. The CoWIN platform is essential to India’s COVID-19 vaccination program, and any loss of confidence in the platform could make it difficult to achieve the vaccination target. The Indian government must take swift action to address any security vulnerabilities and ensure that the platform is secure.
