As part of its investigation into the alleged CoWIN data breachIndia’s Computer Emergency Response Team (CERT-In) – the nodal cyber security agency – is in discussions with at least 11 state governments that have developed their own databases during the Covid-19 pandemic and classified citizens’ personal data including their Aadhaar details and Indian Express I learned.

The agency is looking into any potential leaks that could occur from these countries’ databases. While Karnataka and Kerala have been learned as being among the 11 states, there is no information yet on the remaining states.

Some states have created entire databases during the pandemic to track things like containment zones and the vaccination status of residents. Some state health workers may also have accessed that data, which in some cases was stored on local machines. A senior Union Government official said the CERT-In team expanded its investigation into the issue by assessing whether one of those databases had been affected.

The official said that during the initial discussions, Karnataka and Kerala had indicated that they had set up their own databases during the pandemic to monitor containment zones.

CERT-In is also coordinating with messaging platform Telegram, where the bot has been sharing sensitive data of citizens, allegedly sourced from the CoWIN database, to ascertain the identity of the person or group behind it.

However, the messaging platform told the agency that the group operating the bot, called ‘hak4learn’, was using a virtual private network (VPN) to access the service, due to difficulty in determining their identity or location.

Telegram, which was founded in Russia and is now headquartered in the British Virgin Islands, did not respond to inquiries from The Indian Express on the issue.

Earlier this week, following reports that CoWIN data had been hacked and shared on Telegram through a bot, the Department of Health asked CERT-In to investigate the issue and file a report. CERT-In is expected to publish its report with the ministry next week.

The Department of Health said that the CoWIN system was “completely secure with adequate safeguards for data privacy” and that all reports of breaches were “without any basis and malicious in nature”.

Rajiv Chandrasekhar, Minister of State for Electronics and Information Technology, said the CERT-In team had reviewed the alleged breach, and that the data being accessed by the Telegram bot was from a “threat actors database” that appeared to have been populated with previously hacked data, which had not yet been accessed. Not affiliated with CoWIN. “It does not appear that the CoWIN application or database was directly compromised,” he said.

Meanwhile, TMC MP Derek O’Brien learned that he had lodged a complaint with the Kolkata Cyber ​​Police, demanding an investigation into the case. In his complaint, he said: “… there is a notorious conspiracy in the game to make sensitive information available to private players through government resources.”


Leave a Reply

Your email address will not be published. Required fields are marked *