CoWIN vaccination data out

CoWIN vaccination data out

Context : 

The Union Health Ministry on Monday denied the claims that recipients of the COVID immunisation, including several lawmakers, had their personal information leaked, calling them “mischievous in nature” and “without any basis.” It stated that the CoWIN site was entirely secure and had sufficient protections for data privacy.

Indian Computer Emergency Response Team


  • The Indian government’s Ministry of Electronics and Information Technology houses the CERT-IN (Indian Computer Emergency Response Team) office.
  • It was founded in 2004 under the Ministry of Communications and Information Technology and Section (70B) of the Information Technology Act, 2000.
  • The National Critical Information Infrastructure Protection Centre (NCIIPC) within the National Technical Research Organisation (NTRO) and the National Disaster Management Authority (NDMA) under the Ministry of Home Affairs are two organisations with whom CERT-IN shares overlapping tasks.


  • Nodal Agency: CERT-IN is the nodal organisation for dealing with phishing and other cyber security concerns in India.
  • Security Directives: To improve their security and lessen cyber risks, essential departments and organisations are issued security directives and advisories by CERT-IN.
  • Coordination: To coordinate and address the country’s cyber security and threats, CERT-IN collaborates with the Office of National Cyber Security Coordinator, the National Security Council, and the National Information Board.
  • Collaboration: To improve cyber security, CERT-IN works with other national and international organisations. For instance, it collaborated with Singapore’s Cyber Security Agency to stage the exercise “Synergy,” which intended to improve global cooperation and resilience against ransomware assaults.
  • Reporting and Analysis: To acquire insights into new trends, vulnerabilities, and attack patterns, CERT-IN gathers and analyses data on cyber security incidents. It is essential for comprehending India’s cyber threat landscape.
  • Incident Report: In the event of a cyber security incident, CERT-IN offers a coordinated response that includes incident handling, analysis, and recovery support. It helps businesses lessen the effects of cyberattacks.
  • Capacity building: To improve the cyber security expertise and understanding of people and organisations all over India, CERT-IN runs training courses, workshops, and awareness campaigns.
  • Research and development: To investigate new technologies, tools, and methods to counter increasing cyber threats, CERT-IN engages in research and development initiatives.
  • International Collaboration: To exchange knowledge, best practices, and skills in the area of cyber security, CERT-IN actively takes part in international projects and collaborations.

Points to Ponder:

  • Alleged Data Leak: There have been reports of a data breach involving the personal information of COVID immunisation recipients, including politicians. Information such as identification numbers, gender, dates of birth, vaccination sites, and registration methods were among the details that were disclosed.
  • Union Health Ministry’s denial: According to the Union Health Ministry, the reports are false and malicious. The CoWIN portal, which is used for vaccination registration and maintenance, was said to be secure and to have adequate protection for data privacy.
  • Scope of the leak: The extent of the leak was speculated to depend on whether a person’s mobile number was entered into a certain platform. Even the Aadhaar numbers and passport information of those who updated the CoWIN site for travel are said to have been compromised.
  • Clarification: Rajeev Chandrasekhar, the Union Minister of State for Electronics and Information Technology, emphasised that the information the bot accessed appears to have already been compromised and taken from a threat actor database. He made it clear that neither the CoWIN app nor the database had been directly compromised.
  • Telegram Bot: The platform offering CoWIN app details upon entering phone numbers was found to be a Telegram Bot. The bot appeared to access a different database from the CoWIN database.
  • Integration with Other Apps: UMANG (Unified Mobile Application for New-age Governance) and Aarogya Setu are both integrated with CoWIN. The COVID-19 contact tracing app Aarogya Setu and the portal UMANG are both used to access different government services.
  • Review and Investigation: The Indian Computer Emergency Response Team (CERT-In) was asked by the Union Health Ministry to look into the problem and provide a report. Additionally, CoWIN started an internal evaluation of its current security protocols. The Telegram bot’s back-end database was not directly interacting with the CoWIN database, according to the original report from CERT-In.