Another data breach, this time from the CoWin portal, is serving as a reminder of India’s weak data protection system and the need to immediately work on it. Last week, The Fourth, a news portal, reported that a telegram bot is leaking the details of personal data on demand from the CoWin portal including name, gender, date of birth, Aadhaar numbers, PAN cards etc. Now a health ministry official has said that the initial probe shows that the breach is not from CoWIN but from another source and that the leaked data was “more detailed than what CoWIN possesses.”
But the Minister of Electronics and Technology, Rajeev Chandrasekhar said in a Twitter statement that an initial investigation had already indicated that there had been a leak of CoWin data.
Either way, the government seems to confess that there is a breach of data, and it is somewhat aware of the same.
This is not the first time sensitive government data has been compromised. India is the 7th most cyber-breached country in the world. Last year, around 50 government websites were hacked, while 8 data breaches occurred. The biggest among them was the malware attack on the prestigious All India Institute of Medical Sciences, targeting its massive health data. In fact, healthcare and retail with 11 per cent each are sectors that were the most targeted in India.
Should you worry? What would happen if your own personnel details are out in the open? In a digital world like today, this kind of breach poses a big threat to privacy. Things you don’t want anyone to know can become known to anyone. Imagine someone learns of your address, with the help of your phone number or Aadhaar.
More than anything else, your data out in the open, can make you a target of fraud and identity theft. Someone could be impersonating you and can take advantage of the same. Imagine someone taking a loan in your name. This is not very far-fetched, in fact, it has already happened. Just last year, in February, fraudsters allegedly used stolen PAN details of several people to avail of instant loans from the Indiabulls-owned Dhani app.
In the case of the Cowin data leak, the government first denied it and then shied away from taking any responsibility. So far, after its initial probe, the health ministry maintained that ‘only OTP authentication-based access of data is provided’ so this data couldn’t have been shared with any bot without an OTP.
Computer Emergency Response Team (CERT-In), the agency that handles cyber security matters, is also reviewing this issue and would be submitting a report soon. In its initial probe, it said that the back-end database of the Telegram bot was not directly accessing the APIs of the CoWin database.
The breach of India’s vast health data is absolutely shocking, but the government’s response is even more appalling. Instead of trying to reassure the public or improve digital security, the government is just trying to wash off its hands.
Centre for Financial Accountability is now on Telegram. Click here to join our Telegram channel and stay tuned to the latest updates and insights on the economy and finance.