The Cowin data breach: Can such attacks recur?

Minister of state for electronics and IT Rajeev Chandrasekhar says the Cowin app didn’t face a direct data breach. But the incident could still put sensitive personal health data of users at stake. Mint explains why such breaches could be severe and why they’re so frequent:

What’s a data breach, how do they occur?

A data breach happens when a platform with user-data is compromised, leading to the data being stolen. There could be many reasons behind breaches, including wrongly configured cloud platforms where data was stored and unknown bugs (called zero-days) that are exploited by cyber criminals. Data breaches can be direct or indirect. An example of the latter would be hackers exploiting a flaw in the code in a third party app to gain access to a larger database. With an increasingly connected global industrial supply chain, more data is shared across businesses, causing a rise in third-party data breaches.

What happened to the Cowin platform?

In a tweet on 12 June, Chandrasekhar said it “doesn’t seem” that the Cowin app or database was “directly breached”. Rather, user-data from the database, which was being revealed on messaging app Telegram via a chatbot, was being accessed from a “threat actor database… populated with previously stolen information”. The minister’s claim points to a third party data breach, where platforms that used Cowin to verify users—common during post-pandemic travel—may have faced a breach. The union health ministry denied reports of a data breach affecting the Cowin platform.


Why do cyber attacks keep happening in India?

India has a huge number of internet users—one of the biggest markets for any digitized business. This makes India a hotbed of user-data. Cowin dashboard on Tuesday showed it had over 1.1 billion users’ data. A breach of data on any public platform could expose tens of millions of users to a range of further cyber attacks such as targeted phishing and scams.

Do any businesses or govt bodies face penalties?

India so far doesn’t have a direct law for cyber security. The Indian Computer Emergency Response Team (CERT-In)’s regulations from last year penalise failure to report a data breach. NS Nappinai, Supreme Court lawyer, said, “For a data breach itself, you have Section 43A of Information Technology Act, 2000, which only holds a body corporate liable. As of now, our minimal data protection laws under the IT Act don’t cover the government. Since personal data impacts the fundamental right of privacy, it’s open to victims to seek remedies through court.”

What do users have at stake?

Sensitive data, once leaked, is unrecoverable—it can be accessed by any cyber criminal with intent to purchase a database. This makes users highly susceptible to scams and cyber attacks, which have also grown increasingly sophisticated in nature. “In case of a data breach, user-data is prejudicially affected for a lifetime. The lack of a dedicated legal framework means we can’t provide effective remedies to those whose data has been compromised,” said Pawan Duggal, Supreme Court lawyer.


Updated: 13 Jun 2023, 11:35 PM IST
