CoWIN Data Breach

Analysis and impact on citizens

Tickets

Loading…

CoWin Portal And India’s Foray into Digital Public Health Infrastructure.

The (CoWin) Portal/App is the government of India-owned platform for the Covid-19 vaccine. The programme was launched by PM on 16 January 2021. Since its commencement, nearly 1.12 Billion people have registered themselves on the CoWin Portal and nearly 2.2 billion doses of Vaccine have been administered through it.

The Issues Surrounding the Cowin Portal and the Privacy of the Citizens

Since its inception, the portal has been marred with controversy for various reasons. The project has been established through an executive fiat and has no legal backing. In 2021, a June hackers group claimed that it had bread the data of around 15 Crore people who had registered on the Portal. The Government, however, denied any such leak and refuted the claims of the breach saying that data was safe and secure. RS Sharma, the Chief Executive Officer of the National Health Authority vouched for the CoWIN portal and said "CoWIN has state-of-the-art security infrastructure and has never faced a security breach. Data of our citizens is absolutely “safe” and “secure”. Any news about data leaks from CoWIN holds no merit.
However, on Monday, 12th June 2023, a Kerala-based Malayalam web portal The Fourth News published an article revealing that a Telegram Bot was throwing up the personal information of the people who had registered themselves on the Cowin App/Portal. The bot provided the information after an Aadhaar number or a mobile number was provided to it.
This again raised serious concerns surrounding the safety and security of the personal data of the citizens on the Cowin Portal/App.

The Government again denied any breach. The Health Ministry said that the CERT-In has been looking into the matter and that the Cowin was safe from any threat. The Minister of State (Meity) however conceded that the telegram bot might have access to the data from the threat actor which could have been populated with previously stolen data stolen in the past. However, the minister did reveal the past theft or breach or whether was any enquiry conducted for this.

About the speakers

The webinar has three panellists who will be speaking on the issue. Rishu Mehrotra is a Technology Leader at Merkle Science. He is a part of the Leadership Group at MerkleScience which has been nurturing and building the next generation of enterprise-grade Blockchain risk management and compliance platforms.

Arjun BM is Chief Security Architect at Finastra and a security professional with diverse experience in architecting, designing, implementing & supporting IT Security & Vulnerability Management solutions in Enterprise & Cloud environments. He is an enthusiast with diverse experience in areas like Application Security, Security Architecture & DevSecOps. Currently working for a FinTech major as a Security Architect, ensuring end-to-end implementation, design and governance of security controls within product design.

Tejasi Panjiar is an associate Policy counsel at Internet Freedom Foundation and has been actively pursuing issues related to data protection, public policy, digital rights and digital governance.

About the moderator

Ria Singh Sawhney is a lawyer and has been associated with the Rethink Aadhaar campaign. She has been actively writing on issues involving the Aadhaar and its intersection with human rights and how the Aadhaar has been proven to be exclusionary and problematic for the people of marginalised communities.

Key takeaways for participants

  1. You will understand the nuances of data security.
  2. You will understand how digital infrastructure works in society and what are its intended benefits and potential harms.
  3. you will also learn what happens when the personal data of millions of people is compromised and what are its implications on society as a whole.
  4. You will understand what measures could be used to protect the data of the citizens and what steps should the Government take to ensure the safety and security of the citizens of the country.

Contact information: For queries about the meetups, contact Hasgeek at support@hasgeek.com or call (91)7676332020.

Purchase a membership to support Rootconf’s community activities on hasgeek.com

Hosted by

We care about site reliability, cloud costs, security and data privacy

Supported by

Organizer

Article 21 Trust endeavours to work on issues at the intersection of technlogy and welfare. Some of the issues we have worked on include Aadhaar related concerns, data protection, non personal data governance, technology and justice, One Nation One Ration etc. more