June 12 khan report awmah messaging platform Telegram hmangin Indian khua leh tui te Covid-19 vaccine intelligence network (CoWIN) portal-a an personal data te chu tihchhuahin a awm tih a ni a. Bot chuan mimal hming, Aadahar leh passport umber te thlengin an phone number dahin a pholang tuar thei tih a ni a.
He mi ni vek hian Health Ministry chuan data tihchingpen a awm tia report chu a hnawl thu a sawi nghal a. Indian Computer Emergency Response Team (CERT-In) te chuan an chhui chian nghal thu a sawi a.
A hranpain Minister of State for Electronics and IT Rajeev Chandrasekhar chuan nodal cyber security agency te chuan putru nia sawi hi an chhui chian nghal thu leh chutiang engmah a awm loh thu an sawi a ni.
-- Advertisement --
Eng nge CoWin portal?
CoWIN hi government-owned web portal niin kum 2021 khan Covid-19 vaccine pekchhuah laia siam a ni a. Health register-style platform niin public digital infrastructure heng Electronic Vaccine Intelligence Network (eVIN) te, Digital Infrastructure for Verifiable Open Credentialing (DIVOC), vaccine certificate issuer; leh Surveillance and Action for Events Following Vaccination (SAFE-VAC) tih te nena inthlunzawm vek a ni.
He platform hian real-time basis in vaccine pek tawh te leh la pek tur te chu national, State leh district level ah a monitor reng bawk a. Vaccine utilisation leh wastage te pawh a huam tel vek bawk a. Khua leh tuite tan chuan CoWIN chuan vaccine lak theih hun turte vaccine certificate te putu a ni a. He database hian information chu chi li in – citizen registration, health centre, vaccine inventory leh vaccine certificate angin a chhinchhiah a. Stream tin te hi a hranpa theuhin an thawk a, a chang chuan awlsam zawk nan data te pawh inthleng tawn thin an ni. He platform hi microservices-based cloud-native architecture niin Amazon Web Services (AWS) hmanga siam a ni.
Data breach chungchang?
Tun hi data te a putru tih sawi lan tum khatna a ni lo. January 2022 pawh khan government server atangin khua leh tui te data sang tam tak a putru tawh tih a ni tawh a. Chuta information putruah chuan Covid-19 test result, phone number, hming leh address te pawh a tel a. Heng data te hi online search hmanga hmuh mai theih tia sawi a ni a. Nikum December thla khan security breah a awm tia sawi tawh tho niin Iranian hacker chuan CoWIN database a data te chu a kawl thu a sawi.
Mahse heng media report pahnih te hi Ministry of Electronics and Information Technology (MeitY) chuan a hnawl ve ve a. Heng data leak te hi CERT-In chuan investigation a neih hriat a ni lo. Nodal cyber security agency tena regular basis a reference an siamah engmah sawilanna an nei ngai lo.
Tuna data leak thar ber sawiah pawh IT Minister chuan CERT-IN te chuan an enfiah thu leh CoWIN system chu a him thu a sawi a, tichung chuan cybersecurity agency te chuan investigation an neih emaw review an neih emaw engmah sawi lan an nei chuang lo bawk a. Mahse, Indian Express chuan agency te chuan State 11 te nen database chungchangah agency te chuan sawihona an nei tiin a sawi thung.
Engtiangin nge Telegram bot in CoWIN kaihhnaiwh data a neih theih?
Cloud provider AWS, Microsoft’s Azure leh Google Cloud te ang chuan database te him taka a awm theih nan security an pe lo va, a infrastructure chauh an tum tlangpui thin. Hei vang hian cloud environment a data him leh him loh chu customer te mawhphurhna a ni a. Nikuma AWS tena vulnerability note an tihchuahah pawh CERT-In te chu an tel loh avangin AWS te lam chu mawhpuh theih loha ngaih an ni.
Cloud te hian traditional data centre te ai chuan security an pe tha zawk a, chutihrual chuan legacy systems te virtual server a hman te chu him lo thei a ni thung. heng link te hi hacker tena database luh nana an hmanrua pawimawh a ni a. Hei vang hian CoWIN chuan leveraging legacy software tool a hman avangin entry point te chu bot tena portal luhpalh theih nana an hman remchan theih a ni tih a ni.
A hmaa data breach awmah cybersecurity expert te chuan cloud a databse siamah mihringte fimkhur tawk loh vang an ti a. System configure dik tawk loh te emaw third-party app hman te chuan user data te chu hacker ten an neih pha thei thin tia sawi a ni.
A nghawng awm thei?
Tuna rinhlehna awm chu Covid-19 vaccine lak nana India khua leh tui maktaduai tel tehmeuh te personal data chu cybercriminal te kutah a awm em tih a ni a. Chung data pawimawhte chu lo nei ta se engtiangin nge hman an tum ang tih chu zawhna a ni bawk a. Chutihrual chuan a putru a nih ngat chuan India chu data protection business lamah a hnufumzia pholanna a ni bawk a. Hei vang hian data protection law chu personal data te vawnhim an nih theihna tura kawng pawimawh tak a ni dawn a ni.
Kum 2017 khan Supreme Court of India chuan privacy chu fundamental right tia sawiin personal information humhim pawimawhna a sawi a. Mahse, tun thlengin India chuan personal data protection policy lamah harsatna a la tawk zui zel mai.