A day after reports of an alleged leak of CoWin database being put up for sale on dark-web emerged, the Empowered Group on Vaccine Administration and the Ministry of Electronics and Information Technology (MeitY) have asked Indian Computer Emergency Response Team (CERT-In) to investigate the matter.
“We have taken all steps and continue to take all steps to ensure the security of our database and our system. We are aware of all kinds of threats and attacks which are being tried on the system to penetrate the database and we shall continue to thwart them,” said National Health Authority CEO Dr RS Sharma, who has been in charge of the CoWin platform.
Sources at the IT Ministry said though the issue had been handled for now, CERT-In, with help of other domestic and global cybersecurity experts, was checking the entire CoWin platform once again to ensure there were no vulnerabilities.
“Over the past several months ever since CoWin went live, there have been repeated attempts by several state and non-state parties. Sometimes, it is in the form of SQL (structured query language) injection attack while others we observed repeated DDOS (distributed denial-of-service) attack. We are alert to them,” an IT Ministry official said.
A SQL injection attack consists of insertion of a query into the database to modify and exploit sensitive data. It allows the attacker to tamper with existing data, or steal someone’s identity or become the overall administrator of the said database. On the other hand, a DDOS attack in an attempt to disrupt the normal working of a website or an application’s server by abnormally increasing the internet traffic on that website or application’s network.
On Thursday, reports claimed that the entire database of CoWin, the platform being used by the central government to register people for vaccination against Covid-19, had been allegedly hacked and the data of about nearly 150 million Indians, who had already been vaccinated, had been put up for sale for $800. The said leak allegedly contained names, mobile number, Aadhaar card number, location, state and other details of people who had been vaccinated.
The Central government had said the said message, claiming they had the details, “prima facie appeared to be fake”. “Our attention has been drawn towards the news circulating on social media about the alleged hacking of CoWin system. In this connection we wish to state that CoWin stores all the vaccination data in a safe and secure digital environment. No CoWin data is shared with any entity outside the CoWin environment,” the government had said.
In March, the IT Ministry stepped up its vigil of cyberattacks on Indian firms in the vaccine, logistics, pharmaceutical and power sector. It had then asked companies in these sectors to report “any and all major cybersecurity” incidents to the Ministry and CERT-In.
📣 The Indian Express is now on Telegram. Click here to join our channel (@indianexpress) and stay updated with the latest headlines
- The Indian Express website has been rated GREEN for its credibility and trustworthiness by Newsguard, a global service that rates news sources for their journalistic standards.