Ministry also asked CERT-In to look into the matter and submit a report
KOLKATA: Media reports of data leakage from the Co-WIN portal that flooded the social media application Telegram are mischievous in nature, the Union Health ministry said.
Reacting to the reports of data breaches through the Co-WIN portal, the ministry said, “It is clarified that all such reports are without any basis and mischievous in nature. The Co-WIN portal of the Health Ministry is completely safe with adequate safeguards for data privacy.”
Further, security measures are in place on the Co-WIN portal, with a Web Application Firewall, Anti-DDoS, SSL/TLS, regular vulnerability assessment, Identity & Access Management etc. Only OTP authentication-based access to data is provided. All steps have been taken and are being taken to ensure the security of the data in the Co-WIN portal,” the ministry stated.
“There is no provision to capture the address of the beneficiary,” said the Union Health ministry.
ALSO READ: CoWIN data breach sparks political storm
“The development team of Co-WIN has confirmed that there are no public APIs where data can be pulled without an OTP. In addition to the above, there are some APIs that have been shared with third parties, such as ICMR, for sharing data. It is reported that one such API has the feature of sharing the data by calling using just a mobile number from Aadhaar. However, even this API is very specific, and the requests are only accepted from a trusted API that has been white-listed by the Co-WIN application,” the ministry said.
Not leaving anything to chance, the Health Ministry has requested CERT-In (Indian Computer Emergency Response Team) to look into this issue and submit a report on it to the ministry.
ALSO READ: WHO declares latest COVID variant VoI; Doc says don’t panic
Reports on the Co-WIN data breach surfaced this morning, in which it was said that details of anybody can be accessed on the social media application Telegram by merely typing either the concerned person’s phone number or Adhar Card.
The news soon shocked millions, as the app has in store every personal detail of Indians ranging from VVIPs to commoners.
Citing the same Saket Gokhale, Trinamool Congress spokesperson, tweeted blurred details of politicians and journalists.
At present, individual-level vaccinated beneficiary data access is available at three levels: the beneficiary dashboard, the Co-WIN authorised user, and API-based access.
YOU MAY ALSO LIKE