Seek answers for data leaks - Hindustan Times

Seek answers for data leaks

ByHT Editorial
Jun 13, 2023 10:49 AM IST

Reports of a CoWIN data leak show the need for accountability and a data protection law

The database of India’s Covid-19 digital vaccination booking service may have been compromised, reports and screenshots suggested on Monday. The first of these came from a Malayalam website The Fourth, and subsequent disclosures showed personal information such as date of birth, identity numbers and the location of last vaccine dose for an individual could be retrieved by entering their phone number. The government dismissed the reports as false but said it was initiating an internal review. There were suggestions that the breach may have happened elsewhere (where isn’t clear) and previously (when isn’t clear). For any individual, establishing identity is critical for access to most, if not all, utilities and services. Establishing identity usually rests on two tiers of verification: Consistency of information (an individual alone would know their full date of birth, for instance), and documentary evidence (Aadhaar or passport numbers). Together, these are known as personally identifiable information, or PII. The screenshots list both.

The database of India’s Covid-19 digital vaccination booking service may have been compromised, (File Photo) PREMIUM
The database of India’s Covid-19 digital vaccination booking service may have been compromised, (File Photo)

Indians are no strangers to data breaches – almost every individual with a mobile number and a credit history figures in reams of lists that spammers rely on to inflict what is now a daily menace. But a leak of information such as in the CoWIN breach, if true, can become far more insidious. The potential for harm from such information being public extends beyond spam: An attacker armed with such data can feasibly steal a target’s identity and break into their bank accounts. It becomes even more dangerous when foreign adversaries are taken into account, since a database such as CoWIN will have included – as many screenshots have suggested – the PII of politicians and people in sensitive jobs.

The government’s response leaves much to be desired. Official denials in such cases of alleged data breaches often appear knee-jerk – recall when the premier All India Institute of Medical Sciences in New Delhi was hacked last year, and the subsequent chaos demonstrated that it was not as mild an incident as initially made out. Cybersecurity breaches have become a difficult but almost inevitable reality that countries and companies around the world have begun to live with, but where India needs to do more is put in laws and processes to reduce the likelihood of such events. And the first step in that direction needs to be a law that places the necessary protections on privacy and fixes accountability for those that violate it. Nothing less will do.

Unlock a world of Benefits with HT! From insightful newsletters to real-time news alerts and a personalized news feed – it's all here, just a click away! -Login Now!

Continue reading with HT Premium Subscription

Daily E Paper I Premium Articles I Brunch E Magazine I Daily Infographics
Share this article
Story Saved
Live Score
Saved Articles
My Reads
Sign out
New Delhi 0C
Wednesday, June 19, 2024
Start 14 Days Free Trial Subscribe Now
Follow Us On