The Union Health Ministry of India announced that it will be filing a First Information Report (FIR) with the police due to fraudulent data breach claims.
News about data breaches pertaining to COVID vaccination has been denied by the Ministry spokesperson.
In response to the incessant false claims, the Union Health Ministry will likely file an FIR against CoWIN breach claims.
FIR against CoWIN breach claims
Addressing the data breach claims that alleged the details of those who got the COVID vaccine in India were released on the dark web, an official spokesperson announced that it is not true. It is suspected that the CoWIN data leaks were from other databases and not from the official portal for the same.
An official spokesperson told Hindu Business Line, “We will file a case with the Cyber Crime cell either today or in a day or two. However, there has been no breach in CoWIN data.”
They continued by saying that there might have been a data breach attempt on another website that stored similar data but not the CoWIN portal.
Addressing the FIR against CoWIN breach claims, the spokesperson stated, “The Cybercrime will look into it. Investigations by CERT-in are on.”
They clarified that the CoWIN portal does not store full birth dates to be leaked online. It only collects the vaccine beneficiaries’ year of birth. Neither do they collect the address or other details which makes the CoWIN data breach claims null and void.
Denying the Covid data breach
An official press release by the Ministry of Health and Family Welfare on June 12 also confirmed that the CoWIN data breach claims were untrue as the official portal allows access only through OTP authentication.
“CERT-In in its initial report has pointed out that the backend database for Telegram bot was not directly accessing the APIs of CoWIN database,” the press release concluded.
Fir to determine legitimacy of CoWIN data breach claims
Denying the CoWIN data breach claims, the Minister of State Rajeev Chandrasekhar said, “A Telegram Bot was throwing up CoWIN app details upon entry of phone numbers. The data being accessed by bot from a threat actor database, which seems to have been populated with previously stolen data stolen in the past.”
The Covid vaccine data leak came to light when a local media outlet made a YouTube video claiming a Telegram bot was revealing information about politicians in the southern state of Kerala, India, according to a BBC report.
More media attention was drawn to the alleged CoWIN data leak when Twitter users started posting screenshots of leaked data allegedly of vaccine beneficiaries as shown below –
Details of several political leaders from India and their family were allegedly exposed through the Telegram bot. The CoWIN portal which is the central platform for COVID-19 vaccination registration in India has details of billions of people.
Upon analysis of found data and the bot that offered the vaccination information, several news outlets confirmed that the personal details of prominent individuals were accurate, however, the bot was left inaccessible, the BBC report concluded.
Previous COVID-related data leak claims
Previously in June 2021, it was claimed that the CoWIN portal was hacked leading to the exposure of 150 million Indians. However, the claims were denied by the government.
Besides the CoWIN data leak news, there were reports that the hospital registration information including the COVID-19 related data was compromised. User data from Ayushman Bharat and Arogya Karnataka were allegedly impacted.