False: Data of 150 million COVID-19 vaccinated people were leaked from the CoWin App.

By: Ranjini K
June 17 2021

Share Article:

Following CoWin App data leak reports, the government ruled out the possibility of a hack and said the data was stored in a safe digital environment.A massive data leak claim surfaced in Indian media. The reports claimed that the COVID-19 vaccination data of 150 million Indians collected through the CoWin platform were available for purchase. CoWin App is used to register a slot for COVID-19 vaccination in India. In addition to the CoWin portal, the government accepts COVID-19 vaccine registrations through the Aarogya Setu and Umang apps Following reports of a data breach, the Ministry of Health and Family Welfare said that the hack reports ''appear to be fake.'' According to the ministry, all vaccine data collected through the CoWIN platform was stored in a "safe and secure digital environment." Hindustan Times reports that Moneycontrol had said that a website called Dark Leak Market was selling a database of Indians users for $800 who got vaccinated for COVID-19. While the website stated that they were not the "original leaker," but they claimed that they have a database of 150 million vaccinated people names, Aadhar numbers, and locations, according to the report. In a Press information Bureau release dated June 10, 2021, the Ministry of Health and Family Welfare and the Chairman of the Empowered Group on Vaccine Administration (EGVAC) denied the CoWin hack reports. Dr. R S Sharma, Chairman of the Empowered Group on Vaccine Administration (Co-Win), clarified that "Our attention has been drawn towards the news circulating on social media about the alleged hacking of Co-Win system. In this connection, we wish to state that Co-Win stores all the vaccination data in a safe and secure digital environment. No Co-Win data is shared with any entity outside the Co-Win environment. The data is claimed as having been leaked such as geo-location of beneficiaries is not even collected at Co-Win" Despite dismissing the accusations as false, the Indian Computer Emergency Response Team (CERT-In) of the Ministry of Electronics and Information Technology (MietY) is investigating the matter. NDTV reports cybersecurity expert Rajshekhar Rajaharia also refuted the data leakage claimed by the reseller. He wrote on Twitter that it was nothing but a scam. Karan Saini, a security researcher, located in Bengaluru, also stated that the data sample suspected of being stolen had not yet been released. According to Saini, the reseller is offering some sample data but at a cost. In addition, if hackers are selling data on the dark web, they frequently supply free samples. The COVID-19 pandemic has given rise to a lot of potentially dangerous misinformation. For reliable advice on COVID-19, including symptoms, prevention, and available treatment, please refer to the World Health Organization or your national healthcare authority.