Days after reports surfaced on a purported breach of data of beneficiaries registered on the CoWIN platform, the Delhi police Special Cell has arrested a man from Bihar for allegedly leaking data from CoWIN to Telegram.
The police said the accused was arrested from his residence after he created a Telegram bot which shared citizens’ sensitive data. His mother works as a healthcare worker in Bihar and is also being questioned, said the police.
“The accused was identified using technical surveillance. He was arrested from his residence in Bihar. We suspect he took his mother’s help to breach the system. He created a bot and shared it on Telegram. We know he was not selling the data to anyone in particular. He tried hacking the system and was successful. When he realised he could put all the data online, he did. We don’t think he had any other ulterior motives,” said an officer, as per an Indian Express report.
In a concerning development, details of several politicians such as Telangana's Minister of Information and Communication Technology Kalvakuntla Taraka Rama Rao (popularly known as KTR), DMK Member of Lok Sabha Kanimozhi Karunanidhi, BJP Tamil Nadu President K Annamalai, Congress Member of Lok Sabha Karti Chidambaram, and Former Union Minister of Health Harsh Vardhan of the BJP, were easily accessed using the Telegram bot.
The Union Ministry of Health and Family Welfare in a press release stated that the Telegram bot was not using CoWIN’s application programming interface.
While asserting that the CoWIN portal is completely safe with adequate safeguards for data privacy, the ministry said an internal exercise has been initiated to review the existing security measures of CoWIN.
Minister of State for Electronics and Information Technology Rajeev Chandrasekhar said Indian Computer Emergency Response Team (CERT-In), the nodal cyber security agency, had reviewed the alleged breach and found the CoWIN portal was not “directly breached”. The government stated the bot was using “previously breached databases”.