If true, it’s most likely the biggest knowledge gap the country has ever seen, experts warn, and could affect as many as 1. 1 billion people.
Find your favorites in your Premium section Independent, my profile
File: A fitness officer shows a CoWIN app to beneficiaries while participating in a vacuum run or simulated exercise for the administration of the Covid-19 coronavirus vaccine
India on Monday sought to allay fears that the private knowledge of millions of citizens who registered on a government portal to electronically book their covid-19 vaccines has been breached, following reports that a Telegram bot was distributing the data online.
The bot’s directors claimed it had access to data from the government’s official vaccine portal, CoWin, which is mandatory for other people to book their first, moment and Covid booster after it was submitted through Narendra Modi’s address in January 2021. It has more than one billion users in India, adding foreign nationals.
Several media outlets reported on Monday that sensitive non-public data, such as one’s own touch numbers, passport numbers, dates of birth and national identity numbers known as Aadhaar, were available on the Telegram channel if a user entered a phone number registered with CoWin.
Previous reports indicated that the channel also distributed personal medical data unique to CoWin, such as when and where other people got their vaccinations, but that was no longer the case when the Telegram channel reviewed via The Independent.
Rajeev Chandrasekhar, federal deputy minister of electronics and technology, said the government’s computer emergency reaction team “immediately responded and investigated” the alleged leak and said it “does not appear that the CoWin application or database has been directly breached. “
It showed that the bot appeared to be sharing genuine personal information, but said it originated from a previous breach and not a breach involving CoWin.
“The knowledge the bot accesses from a knowledge base of risk actors, which appears to have been filled in the past with hacked/stolen knowledge stolen in the past. It doesn’t appear that Cowin’s app or knowledge base has been hacked directly. The national knowledge governance policy has been finalized and will create a non-unusual framework of knowledge storage, access and security criteria across government (sic),” said Mr. Chandrasekhar.
“The Ministry of Health’s CoWin portal is completely secure with promises of confidentiality of knowledge. . . Access to knowledge based on OTP authentication is only provided,” said a member of the Federal Ministry of Health.
Officials did not provide any information on when or where the previous breach occurred, or how many other people were affected.
Data security experts said that, if confirmed, a breach involving the number of users on the CoWin platform would be unprecedented in India.
“This is the first knowledge gap of its kind targeting families in India and the scale of this leak is huge. It is worth noting that while other previous leaks in India only shared the last four digits of the 12-digit Aadhaar number, this bot provides the 12 digits of its unique identifier to anyone who requests it,” said privacy and knowledge coverage activist Anivar Aravind. Independent.
It is also concerning because CoWin, as an internet portal, was also involved in other large-scale projects, adding one for a federal fitness identity number for the Indian population, said Mr. Aravind, who is also a petitioner opposing the collection of knowledge on behalf of the Aarogya Setu official application, used the pandemic to trace Covid contacts.
In addition to a potential number of millions of citizens, users whose knowledge can be accessed on the Telegram bot include prominent politicians, bureaucrats and journalists.
The knowledge gap included senior opposition leaders such as P Chidambaram and Jairam Ramesh of the Congress Party, Derek O’Brien of the Trinamool Congress and Telangana State’s Minister of Information and Communication Technology Kalvakuntla Taraka Rama Rao (KTR), according to media outlets that verified the knowledge. elope with those individuals.
The bot was first revealed on Sunday when a Kerala-based news portal called The Fourth News was able to access the main points of the most sensible committee official overseeing CoWin.
Data related to Modi’s former management fitness minister, Harsh Vardhan, and culture minister, Meenakshi Lekhi, was consulted, The News Minute reported.
The bot was removed on Monday morning after the first reports of the data breach were published and did not offer the ability to look up cell phone numbers and Aadhaar numbers after 8:50 a. m.
CoWin’s online page claims that India has distributed more than 2200 million doses of the Covid vaccine, of which only 5. 2 million have been administered outside the CoWin online system. According to the online page, more than 1100 million people vaccinated against Covid are registered in India. , this figure includes those who have registered offline.
The head of CoWin’s oversight committee, RS Sharma, said in January last year that the app has a “state-of-the-art security infrastructure” and has “never faced a security breach. “
Join interesting conversations, other independent readers and see their answers
File: A fitness officer shows a CoWIN app to beneficiaries while participating in a vacuum run or simulated exercise for the administration of the Covid-19 coronavirus vaccine
Getty AFP Images
Want to bookmark your favorite articles and stories to read or refer to later?Start your Premium Independent club today.