"CoWIN data not hacked," MeiTY tells Parliament Standing Committee
Jun 15, 2023
New Delhi [India], June 15 : Government officials from Indian Computer Emergency Response Team (CERT-In) on Thursday informed a parliamentary panel that there was no breach reported in the COVID vaccination portal.
The Parliamentary Committee on Communication and IT met today to discuss citizens' data security and privacy.
Appearing before the Parliamentary Standing Committee on Communication and IT, the officials from MeiTY said that they were probing the issue.
When asked about the status of enquiry in the alleged breach of data from the CoWIN portal, the government officials said that the data leaked by bots was collated from several sources.
"CoWIN was a breach-proof portal," the government officials said.
The meeting was attended by the secretary, additional secretary and three other officials including scientists from the Ministry Electronics and Information Technology (MeiTY).
Speaking on condition of anonymity, a lawmaker said that the government officials defended the CoWIN portal saying it worked via a one-time password (OTP).
"They didn't answer as to how the details of passports and vaccinations including hospital names were available online by the bots," he said.
The opposition lawmaker further said that the CERT-In officials didn't answer the questions related to CoWIN, saying multiple APIs (Application Programming Interfaces) have been granted access to the CoWIN portal.
Previously, the Health Ministry too had denied the claims of data breach from the CoWIN portal saying the reports were "baseless" and "mischievous in nature".
"The CoWIN portal of the Health Ministry is completely safe with adequate safeguards for data privacy. Furthermore, various security measures are in place on the CoWIN portal. Only OTP authentication-based access to data is provided. All steps have been taken and are being taken to ensure the security of the data in the CoWIN portal," said a press release.
In a tweet, Union Minister of State for Electronics and Information Technology Rajeev Chandrasekhar said that the matter had been reviewed by CERT-In, the nodal cybersecurity body.