Co-Win system not hacked, says RS Sharma

The Computer Emergency Response Team (CERT) of Ministry of Electronics and Information Technology has investigated the matter of the alleged hacking of the Co-WIN system and it has found this to be a false claim.
Co-WIN is a platform for the citizens to register for Covid-19 vaccination, schedule their vaccination at the nearest vaccination centre and then get vaccination certificates.

Dr R S Sharma, chairman of the Empowered Group on Vaccine Administration (EGVAC), clarified that the claims of so-called hackers on the dark web, relating to alleged hacking of the Co-WIN system and data leak, was baseless. “We continue to take appropriate steps as are necessary, from time to time, to ensure that the data of the people is safe with Co-WIN,” Sharma said in a release issued by the Union health ministry.

Sharma said the Co-WIN system had multiple firewalls put in place to ensure such things did not happen. Both the Co-WIN team and the CERT had verified that no such event had occurred. The system disallowed data download beyond a particular level at both application and cloud level, he said in an interview with a television channel.

The only data stored about citizens were names, age, gender and mobile numbers which were stored in a safe and secure environment with encrypted data, he said. The only information they were giving out was a digital vaccination certificate, Sharma said.

Sharma also said they were considering to add to the Co-WIN system a facility where citizens could report any adverse event post-vaccination. The system now allowed for correction in name of the vaccinated in the vaccine certificate and two lakh mistakes had been corrected so far.