Terming the government response to the alleged CoWIN data breach as “casual”, the Congress on Monday sought a high-level judicial probe into the entire data management apparatus of the country in order to identify the extent of danger posed to the privacy of citizens.
“I am appalled at your casual response to the breach of privacy of 1.4 billion Indians,” Congress general secretary K.C. Venugopal tweeted, responding to a statement by Minister of State for Information Technology Rajeev Chandrasekhar that the Indian Computer Emergency Response Team (CERT-In) had responded to the reports of data breach and that it did not appear that the CoWIN app or database was directly breached.
Mr Venugopal said: “If a Telegram bot can throw up CoWIN details simply by inputting mobile numbers, it will not take too long for an automated software to harvest all CoWIN data within a matter of hours. This breach clearly shows that CoWIN data was not encrypted. If it were, only those with the necessary authorisation will be able to access such data, and random Telegram bots will not be able to decrypt such personal data.”
“It is clear that no citizen can trust this government with its private information. Only an impartial, high-level judicial probe into the government’s entire data management apparatus can identify the extent of danger that is posed to our privacy as a result of this government’s carelessness,” he said.
Congress general secretary (communications) Jairam Ramesh said personal data breach was a grave matter with serious implications for privacy, security and made Indians vulnerable to financial frauds.
“The tech-savvy Minister instead of issuing casual WhatsApp forward style tweets should hold a Press Conference at the earliest and clarify at the very least,” he said.
“If CoWIN database hasn’t been ‘directly breached’, is the Minister then accepting that it is an indirect breach? What other databases are linked to the CoWIN database that has led to this vulnerability? What immediate steps is the Modi govt taking to secure the personal data of crores of Indians who trusted the govt to keep their details safe?” Mr. Ramesh tweeted.
The Union Health Ministry said an internal exercise had already been initiated to review the existing security measures.