• CoWIN is an Indian government portal that facilitates COVID-19 vaccination registration and scheduling.
• In June 2021, it was reported that CoWIN's database had been breached and the personal information of millions of Indians was being sold on the dark web.
• The police arrested a software engineer, Rajshekhar Rajaharia, in connection to the data leak. Rajaharia had previously alerted authorities to vulnerabilities in the CoWIN system.
• However, Rajaharia claims that he is being wrongly held responsible for the leak, asserting that he had actually informed authorities about the data being available on the dark web.
• The police have denied any wrongdoing and has stated that they have evidence against him.
• The incident has raised concerns about the security and privacy of personal data on CoWIN, as well as the consequences of reporting vulnerabilities to authorities.

Overall, the CoWIN data leak and the subsequent arrest of a software engineer highlights the need for more robust data protection measures and better policies for handling vulnerability disclosures.