wordpress blog stats
Connect with us

Hi, what are you looking for?

What’s the status of investigation of CoWIN data breach? Gov response in Rajya Sabha lacks details

On measures taken to enhance safety protocols, the MoS of IT Ministry mentioned operations undertaken by CERT-In when a data breach is reported

Even a month after the CoWIN data leak incident came to light, the government has not provided details regarding the status and findings of the investigation into the data breach. When Rajya Sabha members questioned the Ministry of Electronics & Information Technology on July 21 if the government has identified those responsible for the breach, Minister of State for IT Rajeev Chandrasekhar replied:

“Taking cognizance of the cyber incident regarding CoWIN data in June 2023, CERT-In coordinated incident response measures with Ministry of Health & Family Welfare (MoHFW). The MoHFW has lodged a complaint and F.I.R has been registered by a law enforcement agency, and CERT-In has provided inputs to facilitate investigation.”

MPs Syed Nasir Hussain, Dr. Amee Yajnik and Vivek K. Tankha raised the following questions:

  1. Whether the government has a tangible plan to contain the leaked information from the CoWIN portal.
  2. Whether the Indian Computer Emergency Response Team (CERT-In) has started the investigation and identified those responsible for the breach.
  3. If so, the status of the investigation thereof and, if not, the reasons therefor.
  4. The measures the government has taken to enhance safety protocols regarding such large databases, with a key focus on protecting the private information of citizens and preventing unauthorized access to their databases).

Article continues below ⬇, you might also want to read:

Why it matters: The Indian government had denied the breach of the CoWIN database, which contains vaccine-related and personal details of millions of Indians who had registered for vaccination during the Covid-19 pandemic. The data leak that first emerged through a Telegram bot triggered several questions about the protection of critical digital infrastructure from cyberattacks, especially in the health sector after the AIIMS data breach in November. The government, as well as the CERT-In, failed to provide answers to these critical questions raised by the public and opposition party members. Who is accountable for the data leak and ultimately, citizen privacy then? The government has chosen to avoid details and beat around the bush even in its response to parliamentary queries.

Everything’s all right, as per the government:

  1. When asked about the government’s plan to contain the leaked information from the CoWIN database, Chandrasekhar stated, “CoWIN portal of the Ministry of Health & Family Welfare has complete security measures and adequate safeguards for data privacy with Web Application Firewall (WAF), Anti- Distributed Denialof-Service (DDoS), Secure Sockets Layer (SSL)/Transport Layer Security (TLS), Identity & Access Management and regular vulnerability assessment.”
  2. On measures taken to enhance safety protocols, the Minister detailed operations undertaken by CERT-In when a data breach is reported. The reply stated that CERT-IN notifies and coordinates with affected organisations to kickstart remedial measures. The team also issues alerts and advisories regarding cyber threats and vulnerabilities and ways to protect computers and networks against them.
  3. The Minister’s reply also revealed that that a special advisory on security practices has been communicated by CERT-In to the Health Ministry to strengthen “resilience of health sector” against cyberattacks.
  4. Further, in June 2023, the CERT-In team also issued guidelines on information security practices for the government covering domains such as data security, network security, identity and access management, application security, third-party outsourcing, hardening procedures, security monitoring, incident management and security auditing.
  5. The government also said that CERT-In has empanelled 150 security auditing organisations to support and audit the implementation of Information Security Best Practices. Additionally, a Cyber Crisis Management Plan has been formulated for countering cyberattacks and cyber terrorism for implementation by all Ministries/ Departments of Central Government, State Governments and their organizations and critical sectors.
  6. A National Cyber Coordination Centre (NCCC) also has been set up by CERT-In to generate necessary situational awareness of existing and potential cyber security threats.
  7. For the protection of critical information infrastructures, the National Critical Information Infrastructure Protection Centre has been set up, which also responds to cyber incidents on such infrastructure. “The Centre provides near-real-time threat intelligence and situational awareness, based on which regular alerts and tailored advisories are sent to the entities concerned with such infrastructure,” the statement added.

STAY ON TOP OF TECH NEWS: Our daily newsletter with the top story of the day from MediaNama, delivered to your inbox before 9 AM. Click here to sign up today!

Written By

Curious about the intersection of technology with education, caste and welfare rights. For story tips, please feel free to reach out at sarasvati@medianama.com

Free Reads


In its submission, the Interior Ministry said the decision to impose a ban was "made in the interest of upholding national security, maintaining public...


Among other things, the security requirements include data encryption and regular review and updated access permissions to reflect personnel changes.


the NTIA had earlier sought comments on the risks, benefits, and potential policy related to dual-use foundation models for which the model weights are widely...

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



NPCI CEO Dilip Asbe recently said that what is not written in regulations is a no-go for fintech entities. But following this advice could...


Notably, Indus Appstore will allow app developers to use third-party billing systems for in-app billing without having to pay any commission to Indus, a...


The existing commission-based model, which companies like Uber and Ola have used for a long time and still stick to, has received criticism from...


Factors like Indus not charging developers any commission for in-app payments and antitrust orders issued by India's competition regulator against Google could contribute to...


Is open-sourcing of AI, and the use cases that come with it, a good starting point to discuss the responsibility and liability of AI?...

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ