Context: The CoWIN portal, which is used by most Indians to register for COVID-19 vaccination, has been in the news recently after reports of a data breach by a Telegram bot.
The Telegram bot allegedly shared the personal information of vaccinated people, such as their name, Aadhaar and passport numbers, when their phone number was entered.
Telegram supports third-party bots that offer additional functionality. These bots can be used to perform various tasks like converting files, checking emails and even letting users play games with others.
The Indian Computer Emergency Response Team (CERT-In) had been asked to investigate the issue and submit a report.
CERT-In, in its initial report, has pointed out that the back-end database for the Telegram bot was not directly accessing the APIs (application programming interfaces) of the CoWIN database.
The Union Health Ministry said reports claiming a CoWIN data breach are without basis and mischievous in nature, and that the platform is "completely safe".
The data is being accessed by the bot from a threat actor database, which seems to have been populated with previously breached or stolen data. It does not appear that the CoWIN app or database has been directly breached.
CoWIN has adequate safeguards for data privacy, said the health ministry, refuting reports of a data leak from the platform.
The ministry, however, said it has requested the Indian Computer Emergency Response Team (CERT-In) to look into the issue and submit a report.
The CoWIN portal is the digital platform that captures COVID-19 vaccination programme details.
CoWIN connects various stakeholders, including vaccine manufacturers, administrators and verifiers, public and private vaccination facilities, and vaccine recipients.
The CoWIN platform was developed at a record speed with ample consideration to its scalability, modularity and interoperability. CoWIN has been integrated with other government mobile applications such as Aarogya Setu and UMANG.
UMANG (Unified Mobile Application for New-age Governance) is developed by the Ministry of Electronics and Information Technology (MeitY) and National e-Governance Division (NeGD) to drive mobile governance in India. UMANG provides a single platform for all Indian citizens to access pan India e-Gov services ranging from Central to local government bodies.
CoWIN provides access to third-party applications that have been authorised by the government to use its APIs (application programming interfaces).
APIs are a set of rules that allow two applications to communicate and share data.
At present, individual-level data on vaccinated beneficiaries on the CoWIN portal can be accessed at three levels.
Beneficiary dashboard: The person who has been vaccinated can access the CoWIN data using the registered mobile number with OTP authentication.
CoWIN authorized user: A vaccinator, using the login credentials provided, can access personal-level data of vaccinated beneficiaries. However, the CoWIN system tracks and keeps a record of each time an authorized user accesses it.
API-based access: Third-party applications that have been given authorised access to the CoWIN APIs can access personal-level data of vaccinated beneficiaries only through beneficiary OTP authentication.
A leak of personal information from the CoWIN platform would mean weakness in this digital public infrastructure, which has been a pillar for both the government's delivery of public goods and for the private sector to innovate and offer services like payment facilities.
The data can be used for fraud, phishing, spamming, or harassment. It can also expose users to targeted attacks based on their vaccination status or location.
The data breach will undermine public trust in government portals like CoWIN and lead people to lose confidence in giving data to government platforms.
The data breach claim has come as a major jolt to the government, which has been taking steps to digitize the economy and has built digital public infrastructure (DPI) based on the biometric identification number Aadhaar, individuals’ mobile numbers, and bank accounts as the backbone for the transfer of benefits and innovation in the private sector.
The exponential growth of digital transactions in the past decade, especially in the last two years of the COVID-19 pandemic, has resulted in the generation of huge volumes of data.
Concerns and issues with respect to the inappropriate management of data, particularly personal or sensitive data, have also emerged, including data breaches and privacy violations.
India’s journey towards having strong data protection legislation has been chaotic with multiple rounds of deliberations. These include the Digital Information Security in Healthcare Act (DISHA), 2018, the draft Personal Data Protection Bill (PDPB), 2019, and the revised draft Data Protection Bill (DPB), 2021.
Thus, in the absence of comprehensive data protection legislation, it is only the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, drafted in accordance with Section 43A of the Information Technology (IT) Act, 2000 that governs the sensitive personal information of the citizens in India currently.
However, the existing mechanisms under the IT Act and its 2011 rules are inadequate to safeguard the fundamental rights of the citizens.
Major concerns are: Lack of defined data storage policy, data retention measures, non-adherence to data minimisation and purpose limitation, no penalties for data breaches, and a lack of proactive measures to ensure the security of personal data.
Increase awareness among the software community on producing safer software and push organisations to invest in better practices.
There is a need to invest in cutting-edge defence mechanisms, enact stringent legislation, and foster cross-sector collaboration to counter evolving threats.
The Digital Personal Data Protection law needs to be passed soon.
CERT-In is an office within the Union Ministry of Electronics and Information Technology (MeitY), established in 2004 under the IT Act 2000.
It is the nodal agency to:
Deal with cyber security threats.
Strengthen the security-related defence of the Indian Internet domain.
Coordinate with public and private organisations in India when cyber incidents like data breaches and ransomware attacks are reported.
Issue advisories for software vulnerabilities as guidance for organisations.
CERT-In has overlapping responsibilities with other agencies such as:
The National Critical Information Infrastructure Protection Centre (NCIIPC), which is under the National Technical Research Organisation (NTRO) that comes under the Prime Minister's Office.
The National Disaster Management Authority (NDMA) is under the Ministry of Home Affairs.
By: Shubham Tiwari