News

COVID-19 data leaked online, government denies data breach from Cowin portal

A cyber security researcher citing breach said that personally identifiable information (PII) has been made public through a content delivery network (CDN) and Google has indexed lakhs of these public and private documents possessed by the government.

Published:Sat, January 22, 2022 4:50pm

By Meghna Dutta

Advertisement

The COVID-19 data breach has become a common instance lately. The cost of data breaches reached a 'record high' last year, and it is only getting worse. As per a recent report, a government server in India was subjected to a COVID data breach, with names, contact numbers, addresses, and even test results of thousands of people being leaked online.

Also Read:

As per a PTI report, the leaked data was put on sale on the Raid Forums website where a cybercriminal claims to have personal data of over 20,000 people. Apparently, all of this information could be easily accessed through online research.

Advertising
Advertising

Rajshekhar Rajaharia, a cyber security researcher citing breach said that personally identifiable information (PII) has been made public through a content delivery network (CDN) and Google has indexed lakhs of these public and private documents possessed by the government. Rajaharia in a follow-up tweet said this intention is not to report any vulnerability in this incidence but caution people to stay vigilant from fraud calls, offers related to COVID-19.

While the researcher pointed Cowin's data getting public through a government CDN, the Centre reportedly denied the leak and said that it is not related to Cowin.

Advertisement

"However, prima facie it appears that the alleged leak is not related to Co-WIN as we neither collect any information on address or the COVID-19 status of beneficiaries," the ministry noted. The Government of India issued a statement and denied any data breach from the Cowin portal.

"There have been several media reports claiming that the data stored in Co-WIN portal has been leaked online. It is clarified that no data has leaked from Co-WIN portal and the entire data of residents is safe and secure on this digital platform. It is also clarified that while the Union Ministry of Health & Family Welfare will enquire into the substance of the news, prima facie the assertion is not correct, as Co-WIN collects neither the address of the person nor the RT-PCR test results for COVID-19 vaccination," the statement read.

While pandemic has forced many to switch to digital space, cybercriminals have found an easy route to exploit data over the past year. Cybersecurity experts have time and again warned against potential identity thefts. Last year, several COVID patients' Aadhaar details were allegedly sold on the dark web. Although there is no viable solution yet, users can save their data from getting exploited by being careful with sharing details online.

For the latest tech news across the world, latest PC and Mobile games, tips & tricks, top-notch gadget reviews of most exciting releases follow BGR India’s Facebook, Twitter, subscribe our YouTube Channel.