Two apprehended in CoWin portal data leak case

In a major breakthrough, the Delhi Police Special Cell has apprehended a man and a juvenile from Bihar in connection with the alleged data leak from the CoWin portal, the Centre's official platform for Covid-19 vaccination registration and certification.

According to police sources, the adult man, whose identity has been withheld pending further investigation, is suspected of being involved in the unauthorised sharing of sensitive vaccination data on the encrypted messaging app, Telegram.

The sources have revealed that the man, believed to be in his late twenties, allegedly gained access to the portal.

It is suspected that he illegally obtained confidential information of registered users, including their personal details and vaccination status, and subsequently disseminated this data on Telegram.

The accused person's mother, who works as a healthworker in Bihar, also adds an intriguing twist to the case. Authorities are currently investigating whether her profession provided the arrested individual with any insider knowledge or facilitated his illicit activities.

Further details regarding her involvement or potential knowledge of her son's actions are yet to be disclosed by the police.

Earlier this month, the Union Ministry of Health and Family Welfare (MoHFW) had dubbed the alleged data breach of Covid-19 vaccine beneficiaries as "mischievous in nature", saying that the portal is completely safe with adequate safeguards for data privacy.

The Ministry also said that it had requested the Indian Computer Emergency Response Team (CERT-In) to look into this issue and submit a report, besides initiating an internal exercise to review the existing security measures of CoWIN.

The Ministry's remarks came after some media reports and social media posts had claimed breach of data of vaccine beneficiaries.

"Certain posts on the social media platform Twitter have claimed using a 'Telegram (online messenger application) BOT', the personal data of individuals who have been vaccinated is being accessed."

It was reported that the BOT has been able to pull individual data by simply passing the mobile number or Aadhaar number of a beneficiary.

The Ministry had also said that security measures are in place on the CoWIN portal, with Web Application Firewall, Anti-DDoS, SSL/TLS, regular vulnerability assessment, Identity and Access Management.