Editor's Pick: CoWIN data out, govt. denies breach

The Union Health Ministry has rejected claims of an alleged data leak of COVID vaccination beneficiaries, including several politicians, saying such reports were “without any basis and mischievous in nature”. The government maintained the CoWIN portal was completely safe with adequate safeguards for data privacy. As per reports, a data breach is possible if the mobile number of a person is entered — details such as the identification number of the document submitted (Aadhaar, passport, PAN), gender, date of birth, and the centre where the vaccine was administered, are provided as a reply in an instant by the messenger bot in question. These details could be accessed even if the Aadhaar number is entered instead of the phone number. Among those whose details were allegedly leaked are CoWIN chairman Ram Sewak Sarma, BJP’s Meenakshi Lekhi and Congress general secretary K.C. Venugopal. The bot is also giving details of several Opposition leaders. Union Minister of State for Electronics, and Information Technology Rajeev Chandrasekhar clarified that the data being accessed by the bot was from a threat actor database which seems to have been populated with previously breached data. “It does not appear that the CoWIN app or database has been directly breached,” he tweeted. He added that the bot was throwing up CoWIN app details upon entry of phone numbers. CloudSEK, a cybersecurity start-up, also said that threat actors do not have access to the entire CoWIN portal or the back-end database. The Union Health Ministry, meanwhile, said it requested the Indian Computer Emergency Response Team (CERT-In) to investigate this issue and submit a report. In addition, an internal exercise was initiated to review the existing security measures of CoWIN. The Congress has also sought a high-level judicial probe into the data management apparatus of the country to identify the extent of the danger posed to the privacy of citizens. This is, however, not the first time that such a leak has been reported. In June 2021, a hacker group claimed that it had a database of about 15 crore Indians who registered themselves on CoWIN. Health authorities had rubbished the claims then. Was this newsletter forwarded to you? Head over to our newsletter subscription page to sign up for Editor’s Pick and more. Click here. The Hindu’s Editorials The second-best: on India and the World Test Championship final Fall from grace: on the political trajectory of Boris Johnson The Hindu’s Daily News Quiz Article 163(2) pertains to which issue in the Indian Constitution? The right of default bail Governor’s discretion Advocate General’s advise the Government of the State Reservation To know the answer and to play the full quiz, click here. [logo] Editor's Pick 13 June 2023 [The Hindu logo] In the Editor's Pick newsletter, The Hindu explains why a story was important enough to be carried on the front page of today's edition of our newspaper. [Arrow]( [Open in browser]( [Mail icon]( [More newsletters]( CoWIN data out, govt. denies breach The Union Health Ministry has rejected claims of an [alleged data leak of COVID vaccination beneficiaries, including several politicians,]( such reports were “without any basis and mischievous in nature”. The government maintained the CoWIN portal was completely safe with adequate safeguards for data privacy. As per reports, a data breach is possible if the mobile number of a person is entered — details such as the identification number of the document submitted (Aadhaar, passport, PAN), gender, date of birth, and the centre where the vaccine was administered, are provided as a reply in an instant by the messenger bot in question. These details could be accessed even if the Aadhaar number is entered instead of the phone number. Among those whose details were allegedly leaked are CoWIN chairman Ram Sewak Sarma, BJP’s Meenakshi Lekhi and Congress general secretary K.C. Venugopal. The bot is also giving details of several Opposition leaders. Union Minister of State for Electronics, and Information Technology Rajeev Chandrasekhar clarified that the data being accessed by the bot was from [a threat actor database]( which seems to have been populated with previously breached data. “It does not appear that the CoWIN app or database has been directly breached,” he tweeted. He added that the bot was throwing up CoWIN app details upon entry of phone numbers. CloudSEK, a cybersecurity start-up, also said that threat actors do not have access to the entire CoWIN portal or the back-end database. The Union Health Ministry, meanwhile, said it requested the Indian Computer Emergency Response Team (CERT-In) to investigate this issue and submit a report. In addition, an internal exercise was initiated to review the existing security measures of CoWIN. The Congress has also sought a high-level judicial probe into the data management apparatus of the country to identify the extent of the danger posed to the privacy of citizens. This is, however, not the first time that such a leak has been reported. In June 2021, [a hacker group claimed that it had a database of about 15 crore Indians]( registered themselves on CoWIN. Health authorities had rubbished the claims then. Was this newsletter forwarded to you? Head over to our newsletter subscription page to sign up for Editor’s Pick and more. [Click here]( The Hindu’s Editorials [Arrow][The second-best: on India and the World Test Championship finalÂ]( [Arrow][Fall from grace: on the political trajectory of Boris Johnson]( The Hindu’s Daily News Quiz Article 163(2) pertains to which issue in the Indian Constitution? - The right of default bail - Governor’s discretion - Advocate General’s advise the Government of the State - Reservation To know the answer and to play the full quiz, [click here.]( [Sign up for free]( [[India threatened to block Twitter, raid employees: former CEO Jack Dorsey] India threatened to block Twitter, raid employees: former CEO Jack Dorsey]( [[Explained | Leptospirosis, a disease that surges in the monsoon months] Explained | Leptospirosis, a disease that surges in the monsoon months]( [[WTC 2023 | Honest self-assessment and tough calls the need of the hour for India] WTC 2023 | Honest self-assessment and tough calls the need of the hour for India]( [[Congress demands judicial inquiry into CoWIN data breach] Congress demands judicial inquiry into CoWIN data breach]( Copyright @ 2023, THG PUBLISHING PVT LTD. If you are facing any trouble in viewing this newsletter, please [try here]( If you do not wish to receive such emails [go here](