IAS Gyan

Daily News Analysis

CoWIN Data Leak

19th June, 2023 Science and Technology

Context and Background

  • Recently, reports emerged that a bot on the messaging platform Telegram was allegedly returning the personal data of Indian citizens who registered with the COVID-19 vaccine intelligence network (CoWIN) portal for vaccination purposes.
  • The bot spewed out personal details like name, Aadhaar and passport numbers upon entry of phone numbers.

CoWIN portal track

About

  • CoWIN is a government-owned web portal set up in 2021 to administer and manage India’s COVID-19 vaccine rollout.

Usage of Public Digital Infrastructure

  • The health register-style platform leverages existing public digital infrastructure like the Electronic Vaccine Intelligence Network (eVIN), an app that provides data on vaccine cold chains in the country; Digital Infrastructure for Verifiable Open Credentialing (DIVOC), a vaccine certificate issuer; and Surveillance and Action for Events Following Vaccination (SAFE-VAC), a vaccine adverse event tracker.

Mandate and Functioning

  • The platform, on a real-time basis, tracks vaccines and beneficiaries at the national, State, and district levels. It monitors vaccine utilization and wastage and maintains an inventory of the vials.
  • For citizens, CoWIN verifies identity, helps schedule vaccine appointments, and issues a vaccine certificate.
  • The database captures information flowing from four separate input streams — citizen registration; health centers; vaccine inventory; and vaccine certificates.
  • Each stream functions independently, and at the same time exchanges data to minimize redundancies.
  • The platform is a microservices-based, cloud-native architecture developed from the ground up on Amazon Web Services (AWS).
  • A microservice architecture is a pattern that arranges an application as a collection of loosely coupled, fine-grained services. These services interact with each other through defined protocols.

The Recent Breach

  • The entire CoWIN data had been hacked and leaked on Telegram.
  • The screen grabs of leaked data included personal information such as names, mobile numbers, Aadhaar card details, PAN card details, date of birth, and vaccination center information. In some instances, even the passport details were leaked.
  • In past data breaches, cybersecurity experts have attributed data leaks to human error or negligence in setting up databases in the cloud.
  • Misconfiguring a system, or involvement of third-party apps with limited privacy features, could have also exposed user data to unauthorized people.

Concern

  • The fact remains that the sensitive personal data of millions of Indian citizens who signed up for the COVID-19 vaccination is in the hands of cybercriminals.
  • It is unclear how they plan to use this information. But such leaks reveal India’s unfinished data protection business.

Way Ahead

  • A data protection law could be a useful tool in fixing accountability and building safeguards around the use and processing of personal data.
  • Need for a Data Protection Policy: In 2017, the Supreme Court of India recognised privacy as a fundamental right, highlighting the need to protect personal information. But the country is still struggling to frame a personal data protection policy.

Conclusion

  • Cybersecurity in India is becoming increasingly important as more people turn to online services and digital platforms.
  • As the threats become more sophisticated, it is essential that organizations, businesses and individuals understand the trends and risks so they can protect themselves from cyber-attacks.
  • With a combination of well-thought-out strategies such as network segmentation, regular patching, two-factor authentication and user education, these vulnerabilities can be mitigated.
  • By staying ahead of emerging cybersecurity threats in India through comprehensive vulnerability assessments, we can ensure a secure future for all users connected to the internet.

READ ABOUT THE COWIN DATA LEAK IN DETAIL: https://www.iasgyan.in/daily-current-affairs/cowin-data-leak

DATA PROTECTION AND LOCALIZATION: https://www.iasgyan.in/daily-current-affairs/data-protection-and-localization

PRACTICE QUESTION

Q. Cybersecurity in India is becoming increasingly important as more people turn to online services and digital platforms. As the threats become more sophisticated, it is essential that organizations, businesses, and individuals understand the trends and risks so they can protect themselves from cyber-attacks. Comment.