The Ministry of Health and Family Welfare refuted the claims around a breach in vaccination data of over 150 million individuals from the CoWIN portal, and termed such claims to be prima facie fake, in a statement issued on Thursday. It also stated that the matter is being further investigated by the Computer Emergency Response Team of Ministry of Electronics and Information Technology.
"In this connection we wish to state that Co-WIN stores all the vaccination data in a safe and secure digital environment. No Co-WIN data is shared with any entity outside the Co-WIN environment," R S Sharma, Chairman of the Empowered Group on Vaccine Administration, was quoted as saying in the statement.
Also Read: New Income Tax Website Launches With Glitches: All You Need To Know
Cybercrime intelligence DarkTracer initially brought this matter to light, when it claimed through a tweet that the information of 150 million COVID-19 vaccinated people in India were available on the dark web through a site called the 'Dark Leak Market'.
According to a listing on Dark Leak Market, the Co-WIN data was available for $800 (approximately ₹ 58,400). The listing offered details such as mobile number, Aadhar ID, GPS location, etc.
Refuting the availability of such information online, Sharma said, "The data being claimed as having been leaked such as geo-location of beneficiaries, is not even collected at Co-WIN."
Also Read: India To Grow 8.3% In FY22, Says World Bank, Bumping Up Jan Forecast
Security researchers and analysts also agreed with the government's statement, that such data leak is unlikely. Karan Saini, a network and application security researcher, took to Twitter to state the possibility that the purported data leak could be a way to scam buyers.
Internet security researcher Rajshekhar Rajaharia agreed with Saini, and called the listing a Bitcoin scam. "This market is frequently posting fake data leaks and scamming people. They are just taking Bitcoin for nothing. Data Sample also not available anywhere," he said.
However, certain cyber rights activists stressed on verifying the rumours, even if they looked fake prima facie.
Apar Gupta, who runs Internet Freedom Foundation, urged the Computer Emergency Response Team to 'fairly and independently' verify the claims of Co-WIN data leak. "It is important to remember that Co-Win did not even have a privacy policy till the High Court of Delhi issued directions on June 2, 2021," he added.
Also Read: The Mehul Choksi Saga: What's His Citizenship Status?