Government’s CoWin Claims Can Work Only In WhatsApp University

Earlier this week, Prime Minister Narendra Modi and two of his ministers were in full damage control mode. The personal information of lakhs of Indians registered on the Union Government’s CoWIN portal was leaked. Details of Aadhaar, passport number, PAN and more were all freely accessible through a Telegram bot. Anyone could easily access details through a basic phone number search.

Despite such a large-scale breach of data registered with a government platform, the Union Government did what it does best – deny and then underplay the violation. Even as the data continued to be widely accessible, the government said, “The CoWIN portal of the Health Ministry is completely safe with adequate safeguards for data privacy. Furthermore, security measures are in place on the CoWIN portal.” The statement added that the data being circulated was stolen in the past and was not sourced in this week’s breach. An excuse that would only hold good in a class taught at WhatsApp University!

This is not the first data breach on CoWIN. Dismissing the previous attempt made in January, National Health Authority CEO RS Sharma had said, “CoWIN has state-of-the-art security infrastructure and has never faced a security breach. The data of our citizens on CoWIN is absolutely safe and secure.” Five months later, ministers have dismissed this colossal breach as “mischievous” reporting. No lessons learned.

One can’t help but observe the BJP’s nonchalance towards this massive data breach. After all, this breach of data on servers of government institutions is not the first. In December 2022, five servers of the All India Institute of Medical Sciences (AIIMS) were attacked and 1.3 terabytes of data was encrypted. In a hospital where lakhs of citizens come to access affordable healthcare, services were suspended for a week and sensitive data of 40 lakh patients was lost. There is more.

A week ago, AIIMS was targeted by yet another cyberattack. In 2019, the Army faced two cyberattack attempts every month. Cybersecurity group CloudSEK, responsible for providing cyber threat intelligence to the Government’s CERT-In, found that India saw the highest number of cyberattacks on government agencies in 2022.

In addition to its own agencies, the government is failing to prevent these attacks on financial and banking institutions. According to an answer furnished by the ministry to parliament in August, there were 248 successful data breaches on banking institutions between 2018 and 2022. Per a study by Microsoft, one out of three Indians who have been victims of financial fraud online never recovered their money. This is significantly higher than the global average of 7%.

Crimes being carried out digitally are also on an alarming rise. The National Crime Records Bureau (NCRB) says there were 55,000 reported cases of cybercrimes in 2021. Of these, 20 per cent of cases of cyber blackmail, threats, cyber pornography, obscene sexual materials, cyberstalking, morphing, and the creation of fake profiles are against women. IPS Officer Yashasvi Yadav, Special Inspector General, Maharashtra Cyber Department, substantiated this by calling India the sextortion capital of the world with 500 such cases daily. Of these cases, only 0.5 per cent are taken forward as FIRs.

Not just women, but children in India are also cyberbullied every minute. The worst affected are senior citizens. According to National Cyber Security Coordinator Rajesh Pant, of the 3,500 financial frauds reported daily, senior citizens are the most targeted.

If the Union Government is as technology-forward as it makes itself out to be, it should consider moving beyond PR events and hollow buzzwords like e-Kranti. Here’s a suggestion from a member of the Opposition. The monsoon session of parliament begins in July. The Personal Data Protection Bill has long been pending. So has the Digital India Act. Bring them to parliament. New buildings alone a contemporary mindset do not make.

P.S. I have filed a police complaint against the illegal leak of confidential and sensitive data stored in the CoWIN portal. 

[This article appeared on NDTV.com | Friday, June 16, 2023]