CoWIN Portal Data Breach: Indian Health Ministry Registers FIR, Vows Serious Action

The Ministry of Health and Family Welfare (MoHFW) has taken action by lodging a formal complaint and registering an FIR in the wake of a concerning data breach incident on India's CoWIN portal.

The breach, which allegedly revealed personal data of citizens who registered for Covid vaccinations, has prompted the government to bolster data privacy and cybersecurity measures on the platform.

Minister of State for Electronics and Information Technology, Rajeev Chandrasekhar, addressed the issue in the Rajya Sabha, emphasising the government's commitment to addressing the breach promptly. The CoWIN portal, a critical tool in the nation's vaccination campaign, faced reports in June of a bot on the messaging platform Telegram leaking sensitive personal information, including names, Aadhaar, and passport numbers, upon entering phone numbers.

In collaboration with the Computer Emergency Response Team-India (CERT-In), the national cybersecurity agency, the MoHFW has been actively coordinating incident response measures. CERT-In has been instrumental in notifying affected organizations about the breach and offering guidance on remedial actions to mitigate risks, Chandrasekhar said.

To prevent future breaches and fortify the cybersecurity posture of the CoWIN portal, the government has put in place several proactive measures. CERT-In issued comprehensive guidelines on information security practices for government entities, covering critical domains such as data security, network security, application security, and more, Chandrasekhar informed.