India’s Ministry of Health and Family Welfare has brushed off allegations that the government’s vaccination portal Covid Vaccine Intelligent Network or CoWIN has been hacked.
News reports last week said leaked data from the platform’s server have been put on sale on underground database marketplace Raid Forums. One report said that the hack allegedly involved the personal data of over 20,000 people, including their name, age, gender, mobile number, address, date and COVID-19 test result.
The MOHFW clarified in a statement that “no data has leaked from [the] CoWIN portal and the entire data of residents is safe and secure on this digital platform”.
Although it will investigate the veracity of the news reports, the ministry emphasised that the vaccination platform “collects neither the address of the person nor the RT-PCR test results for COVID-19 vaccination”.
THE LARGER TREND
This was not the first time that an alleged hack of the CoWIN platform was reported. In June, Data Leak Market claimed a database of COVID-19 vaccination information from India was being sold on its website. That included personal data of around 150 million people, it said. The Health ministry immediately downplayed the claim as baseless, although it had tapped the government’s counter-hacking body Computer Emergency Response Team to look into the matter.
Meanwhile in Indonesia, an independent report found a data breach in the government’s COVID-19 test-and-trace app electronic Health Alert Card (eHAC) which possibly affected the information of about 1.3 million people. Encryption provider vpnMentor, whose researchers spotted the leak in September, said the app’s developer used an unsecured database to store two gigabytes of user records. Since then, the Indonesian government had called on a probe on the incident, which supposedly happened with the eHAC’s earlier version.