- COVID 19 data of many Indians allegedly leaked online.
- The alleged leaked data has been put on sale on Raid Forums website.
- The National Health Authority (NHA) has denied any COVID-related data leak from the Co-WIN portal on a prima facie basis.
The COVID-19 data breach has become a common instance lately. The cost of data breaches reached a ‘record high’ last year, and it is only getting worse. Personal information of thousands of people in India has been leaked from a government server which includes their name, mobile number, address, and COVID test result, and this information can be accessed through online search. The leaked data has been put on sale on the Raid Forums website where a cybercriminal claims to have personal data of over 20,000 people.
Cyber security researcher Rajshekhar Rajaharia on Wednesday, 19 January, took to Twitter to say that personally identifiable information (PII) has been made public through a content delivery network (CDN) and Google has indexed lakhs of these public and private documents possessed by the government. While the researcher pointed Cowin’s data getting public through a government CDN, the Centre reportedly denied the leak and said that it is not related to Cowin.
Meanwhile, the Indian government clarified that no data has leaked from the Co-WIN portal and the entire data of residents is safe and secure on this digital platform.
While pandemic has forced many to switch to digital space, cybercriminals have found an easy route to exploit data over the past year. Cybersecurity experts have time and again warned against potential identity thefts. Last year, several COVID patients’ Aadhaar details were allegedly sold on the dark web. Although there is no viable solution yet, users can save their data from getting exploited by being careful with sharing details online.
In a statement, the Ministry of Health & Family Welfare said:
“Regarding data leak from Cowin – We are getting the matter examined. However, prima facie it appears that the alleged leak is not related to Co-WIN as we neither collect any information on address or the #COVID19 status of beneficiaries.” Co-WIN collects neither the address of the person nor the RT-PCR test results for #COVID19 vaccination,” the government added.
Union health ministry said the matter of the alleged hacking of the Co-WIN system will be investigated by the Computer Emergency Response Team, known as the government’s best counter-hacking group under the Ministry of Electronics and Information Technology (MeitY).
Thanks for Reading!!