New Delhi: While claiming that CoWIN data has not been leaked, the Union health ministry said that it is planning to file an FIR against the breach that may have happened from another database, The Hindu Business Line reported.
“We will file a case with the Cyber Crime cell either today or in a day or two. However, there has been no breach in CoWIN data. But there could have been some attempt elsewhere. Cyber crime will look into it. Investigations by CERT-in are on, too,” officials aware of the matter told the newspaper.
Reports of an alleged CoWIN data breach had surfaced earlier this month when vaccination beneficiary data including date of births and addresses were leaked through a bot on an instant messaging application. These reports were denied by the health ministry and the Ministry of Electronics and Information Technology (MeitY).
MeitY’s Computer Emergency Response Team’s (CERT) initial probe shows that the breach is not from CoWIN but another source that had not protected the data adequately, the source said, adding that the leaked data was “more detailed than what CoWIN possesses.”
The health ministry official said that CoWIN does not store precise dates of birth for vaccine beneficiaries, and the CoWIN portal only collected the year of birth. It also does not collect addresses, The Hindu Business Line reported.
An internal exercise is going on to review CoWIN’s current security measures. The health ministry official said that “only OTP authentication-based access of data is provided” hence data cannot be shared to any bot without an OTP.
“The development team of COWIN has confirmed that there are no public APIs where data can be pulled without an OTP,” a previous statement by the health ministry had said.