The Congress on Monday sought a judicial investigation into the Centre’s “entire data management apparatus” after reports claimed that personal details of those who registered on the CoWIN portal to get their coronavirus vaccines were leaked on messaging platform Telegram.
A bot on a Telegram group was providing details like names, date of birth, phone number as well as passport or Aadhar number of individuals who registered for vaccinations on the government-run CoWIN portal.
The Union health ministry, however, said that reports claiming that there was a data breach from the CoWIN portal were “without any basis and mischievous in nature”. Union Minister of State for Electronics and Information Technology Rajeev Chandrashekhar also said that it did not appear that the CoWIN database had been directly breached.
However, the Centre asked the Indian Computer Emergency Response Team to look into the matter and submit a report.
The Congress’ General Secretary (Organisation) KC Venugopal said that he was appalled at Chandrashekhar’s “casual response”. He said that if a Telegram bot could throw up CoWIN details simply on the basis of mobile numbers, it would not take long for an automated software to harvest all the data on the portal within a matter of hours.
“This breach clearly shows that CoWIN data was not encrypted,” Venugopal said. “If it were, only those with the necessary authorisation will be able to access such data, and random Telegram bots will not be able to decrypt such personal data.”
The Congress leader said it was clear that no citizen could trust the government with its private information.
“Only an impartial, high-level judicial probe into the government’s entire data management apparatus can identify the extent of danger that is posed to our privacy as a result of this government’s carelessness,” he said.
Congress General Secretary (Communications) Jairam Ramesh claimed that the data breach had serious implications for privacy and security. He asked Chandrashekhar to clarify his statement that the Telegram bot was accessing a database that seemed to have been populated with “data stolen in the past”.
Ramesh asked: “If CoWIN database hasn’t been ‘directly breached’, is the minister then accepting that it is an indirect breach? What other databases are linked to the CoWIN database that has led to this vulnerability?”
Trinamool Congress spokesperson Saket Gokhale asked why citizens were not informed about data being stolen from the CoWIN portal in the past. He also asked why the Centre ordered an investigation into the matter if it claimed that reports of the breach were without any basis.