Vajram-And-RaviVajram-And-Ravi
hamburger-icon

Indian govt refutes Covid vaccine portal data breach reports

26-08-2023

12:36 PM

timer
1 min read
Mains GS-II: Governance
Indian govt refutes Covid vaccine portal data breach reports Blog Image

What’s in today’s article?

  • Why in news?
  • What is CoWIN?
  • News Summary: Indian govt refutes Covid vaccine portal data breach reports
  • Background
  • What is Centre’s defence in this case?

 

Why in news?

  • The Centre rubbished reports of an alleged data breach on the Health Ministry’s CoWIN platform.
  • It said that CoWIN platform is completely safe with adequate safeguards for data privacy.

 

What is CoWIN?

  • About
    • CoWIN stands for COVID Vaccine Intelligence Network.
    • CoWIN system is a comprehensive cloud-based IT solution for planning, implementation, monitoring, and evaluation of COVID-19 vaccination in India.
    • It provides real time information of vaccine stocks, their storage temperature and individualized tracking of beneficiaries of the COVID-19 vaccine.
    • CoWIN was developed and is owned and managed by the Health Ministry
  • Background
    • The platform was developed by the Government of India to facilitate the efficient and transparent distribution of COVID-19 vaccines across the country. 
    • It was launched in January 2021 as part of India's nationwide vaccination drive.
    • An Empowered Group on Vaccine Administration (EGVAC) was formed for steering the development of CoWIN and for deciding on policy issues. 
    • Former CEO, National Health Authority (NHA), chaired the EGVAC which also included members from the Health Ministry and MeitY, the statement added.
  • Key features of the CoWIN platform
    • Blended registration- Beneficiaries can register online or on-site (walk-in) to Vaccination Centre. 
    • Beneficiaries can book online appointment based on convenience of time and choice of location 
    • Track Vaccination Schedule 
    • Instant Digital vaccination Certificate with certificate correction utility 
    • Multilingual portal with 12 languages 
    • Vaccine Stock Management 
    • Publishing of Vaccine Schedules in advance 
    • Real Time Dashboards 
    • tracking of Adverse Event Following Immunization (AEFI)
    • Digital Covid-19 vaccination Certificate tracking
  • Achievements
    • More than 200 crore vaccination done with the help of CoWIN platfom.
      • 200 crore landmark was achieved within the 18 months of the launch of this app.
    • It is recognized as the world’s biggest digitally verifiable vaccination certificate generation platform.
    • United Nations Development Program (UNDP) had lauded India’s CoWIN app. It said that India's fight against pandemic was aided by successful CoWIN app.
    • It helped in tracking the usage of vaccination and minimizes the wastage.
    • During the Global Conclave 2021, India offered CoWin platform as a digital public good to other nations.
      • In Other words, CoWin platform has been made open source, available to any and all countries. 

 

News Summary: Indian govt refutes Covid vaccine portal data breach reports

  • The Health Ministry on Monday said reports of data breach of beneficiaries who received COVID vaccination are without any basis and mischievous in nature. 
  • It said the Indian Computer Emergency Response Team (CERT-In) had been asked to investigate the issue and submit a report.

 

Background

  • Earlier, it was reported that an automated account on messaging platform Telegram was allegedly sharing sensitive personal information of Indian citizens who signed up for the CoWIN portal for their Covid-19 vaccination.
  • This information included the Aadhaar and passport numbers od the persons who had signed up for the portal.
  • The alleged leak could impact more than 100 core individuals who have secured vaccinations after signing up through the CoWIN portal. 
    • This includes more than 4 crore children between the age of 12-14 and over 37 crore people over the age of 45, a significant part of which could be senior citizens.

 

What is Centre’s defence in this case?

  • The Centre highlighted the three ways in which data on CoWIN can be accessed
    • a user can access their data on the portal through a one time password (OTP) sent to their mobile number, 
    • a vaccinator can access data of a person, and the CoWIN system tracks and records each time an authorised user accesses the system,
    • third party applications that have been provided authorised access of CoWIN APIs can access personal level data of vaccinated people after OTP authentication.
  • Emphasised that without OTP it is not possible to access data
    • The government claims that without an OTP, data cannot be shared with the Telegram bot.
  • One API has a feature of sharing the data
    • The govt said that there is one API that has a feature of sharing the data by using just a mobile number. 
    • However, even this API is very specific and the requests are only accepted from a trusted API which has been whitelisted by the CoWIN application.
  • On database accessed by Telegram bot
    • The govt clarified that data being accessed by the bot from a threat actor database seems to have been populated with previously breached/stolen data. 
    • The database was other than CoWIN.

 

Q1) What is API?

API stands for Application Programming Interface. It is a set of rules and protocols that allows different software applications to communicate and interact with each other. An API defines the methods, data structures, and formats that should be used for communication between software components. APIs provide a way for developers to access the functionality of a software system or service without having to understand the internal details or implementation. By using APIs, developers can leverage the capabilities of existing software components to build new applications or enhance existing ones.

 

Q2) What is telegram bot?

A Telegram bot is an automated software application that interacts with users on the Telegram messaging platform. It is created using the Telegram Bot API, which provides developers with the necessary tools to build and manage bots. Telegram bots can perform a wide range of tasks and provide various services within the Telegram platform. They can be used for simple tasks like providing information or delivering automated responses, as well as more complex tasks like handling transactions, processing data, or integrating with external services.

 

Source: CoWIN completely safe, has adequate safeguards for data privacy: Centre on alleged leak | UNDP | The Hindu | Indian Express

logo

© 2025 Vajiram & Ravi. All rights reserved