The Centre on Friday dismissed reports of data leak from CoWIN application and said that the digital platform is safe and secure.
Taking to Twitter, the Union Health Ministry on Friday said: "Regarding data leak from CoWIN: We are getting the matter examined. However, prima facie it appears that the alleged leak is not related to Co-WIN as we neither collect any information on address or the COVID-19 status of beneficiaries."
Further, the Ministry in a press release informed, "There have been several media reports claiming that the data stored in Co-WIN portal has been leaked online. It is clarified that no data has leaked from Co-WIN portal and the entire data of residents is safe and secure on this digital platform."
"It is also clarified that while Union Ministry of Health and Family Welfare will enquire into the substance of the news, prima facie the assertion is not correct, as Co-WIN collects neither the address of the person nor the RT-PCR test results for COVID-19 vaccination," the release further read.
The National Health Authority (NHA) has denied any Covid-related data leak from Co-WIN portal on the prima facie basis, saying the platform neither collects the address of people nor RT-PCR test results for vaccination, reported PTI.
Cyber criminals on the dark web had posted personal data of thousands of people, claiming they were from India.
"While we will enquire into the substance of the news, prima facie the assertion is not correct. The reason is that Co-WIN collects neither the address of the person nor the RT-PCR test results for vaccination. Further, we would like to assert that no data has leaked from Co-WIN portal and the entire data of residents is safe and secure on our platform," National Health Authority CEO R S Sharma said in a statement.
The alleged leaked data has been put on sale on Raid Forums website where a cyber criminal claims to have personal data of over 20,000 people.
Cyber Security researcher Rajshekhar Rajaharia also tweeted that personally identifiable information (PII) including name and Covid-19 results are made public through a content delivery network (CDN).
He said that Google has indexed lakhs of data from the affected system.
"PII including Name, MOB, PAN, Address etc of #Covid19 #RTPCR results & #Cowin data getting public through a Govt CDN. #Google indexed almost 9 Lac public/private #GovtDocuments in search engines. Patient's data is now listed on #DarkWeb. Need fast deindex," Rajaharia said in his tweet.
The government has heavily relied on digital technologies in terms of controlling and creating awareness about the Covid-19 pandemic as also its vaccination programme. Several government departments mandate people to use the Aarogya Setu app for Covid-19 related services and information.
Rajaharia in a follow-up tweet on January 20 said that he is not reporting any vulnerability in this incident but cautioning people to remain alert from fraud calls, offers related to Covid-19, etc that they may get as their data is being sold in the dark web.
Data sold in the dark web is often exploited by cyber criminals and fraudsters for various kind of frauds.
(With inputs from PTI)