Government Dismisses CoWIN Data Breach Claims
The alleged CoWIN data leak includes name, phone number, Aadhaar ID, GPS, location, and state of citizens. However, in a press statement, the Indian government said that the reports of the CoWIN platform getting hacked are unfounded. In addition, the Computer Emergency Response Team of the Ministry of Electronics and Information Technology (MietY) has started an investigation on the claims. “We wish to state that Co-WIN stores all the vaccination data in a safe and secure digital environment. No Co-WIN data is shared with any entity outside the Co-WIN environment. The data being claimed as having been leaked such as geo-location of beneficiaries, is not even collected at Co-WIN,” said Dr. RS Sharma, Chairman of the Empowered Group on Vaccine Administration. Apart from the Indian government, independent security researcher Rajshekhar Rajaharia says the CoWIN portal hack claims are fake. He even goes on to say it is a Bitcoin claim. Notably, the website that has listed the CoWIN data is a reseller. Even the sample data is behind a paywall for 0.0487972 BTC (~$179 or Rs. 13,000). This is unusual as most data leaks make the sample data available for free to prove the legitimacy.
— Rajshekhar Rajaharia (@rajaharia) June 10, 2021 From what it looks like, the COWIN data leak is likely a scam. We will have to wait to see if the government’s investigation offers more clarity in the coming days.