NEW DELHI: The CoWIN portal has complete security measures and adequate safeguards for data privacy, the centre said on Friday in the Lok Sabha.
However, the Minister of State for Health and Family Welfare Satya Pal Singh Baghel did not confirm whether there was any case of violation of privacy of data on the CoWIN portal, despite being asked by Bharatiya Janata Party MP Hema Malini.
"There were media reports recently of an apparent breach of Co-WIN data of beneficiaries who have received COVID-19 vaccination in the country," Baghel said in a written reply.
However, he said that actions were immediately taken in this regard.
In June this year, there were reports of alleged data leak of personal information of people, including some opposition leaders and bureaucrats. This was the second instance of alleged data leak from the CoWIN portal, India’s COVID-19 vaccination tracking platform. Such a breach was also reported in 2022. The government had denied it back then and had said it was "safe and secure."
In the written reply, Baghel said the portal has "complete security measures and adequate safeguards for data privacy with Web Application Firewall (WAF), Anti-DDoS, SSL/TLS (regular vulnerability assessment) Identity and Access Management."
Listing the steps, he said all Co-WIN APIs for both government and private sector were deactivated immediately thus completely restricting Co-WIN access.
Media response on the Co-WIN data breach was issued immediately informing that the Co-WIN portal is completely safe with adequate safeguards for data privacy.
A meeting was taken with CERT-In (Indian Computer Emergency Response Team) to discuss requirements for investigation by CERTIn and issues on Co-WIN Platform security. A complaint narrating the incident was made to the National Cyber Crime Cell.
He said further steps were also taken to ensure more safety of data on the CoWIN portal. These included two-factor authentication features (Password & OTP) while login by the users (service providers) was put in place on Co-WIN. All log trails of users are captured and stored in the Co-WIN database securely. Password reset has been done for all services provided on Co-WIN, the minister added.