CoWIN data leak: Bihar man, juvenile arrested

A man from Bihar was arrested and a juvenile apprehended for their involvement in the alleged data leak from CoWIN portal, the Indian government portal for COVID-19 registration, officials said on Thursday (June 22).

The man is alleged to have used a Telegram app to leak the sensitive data on citizens, they said. His mother, who is a healthcare worker in Bihar, and is also being questioned.

Last week, there were reports about an alleged breach of data of citizens registered on the CoWIN platform. The data accessed by a Telegram bot revealed the gender, date of birth, Aadhaar details, address, centre for vaccination etc., of the COVID-19 vaccine beneficiaries.

Also read: Explainer: CoWIN data leak – here’s why data privacy should matter to us

Opposition parties raised a hue and cry and asked the government to take deterrent action.
The government has termed such reports “mischievous” and “without any basis”, while affirming that the CoWIN portal is completely safe with adequate safeguards for data privacy.

The matter was sent for a review by the country’s nodal cyber security agency CERT-In, which said in its initial report, that the backend database for the Telegram bot, which is at the centre of the alleged leak, was not directly accessing the APIs of the CoWIN database.

In a statement, the Union health ministry also said that an internal exercise has been initiated to review the existing security measures. CoWIN portal is a repository of the data of all those who have been vaccinated against COVID-19 in the country.

(With inputs from agencies)