The personal data of individuals who registered on the central government’s CoWIN portal to receive COVID-19 vaccines was accidentally made available on messaging platform Telegram for a certain period.
According to multiple reports, when a mobile number registered with the CoWIN portal is entered, the Telegram bot reveals the number of the identity card (such as Aadhaar, passport, or PAN card) used for vaccination including details like gender, date of birth and the vaccination centre where the shot was administered. With this major data leak, the PAN Card, voter ID and Aadhaar card numbers of Indian citizens are accessible to anyone on Telegram.
As per the report, the passport details of the individuals who updated their CoWIN portal for international travel were also leaked.
According to Malayalam newspaper Malayala Manorama, the secretary of the Union Health Ministry Rajesh Bhushan was among the victims of the data breach. Bhushan’s number was entered and details including the last four letters of the Aadhaar number and birth date were disclosed along with details of his wife Ritu Khanduri, MLA from Kotdwar, Uttrakhand.
In addition, the personal information of Ram Sewak Sharma, chairman of CoWIN high power panel, Congress General Secretary KC Venugopal, Union Minister of State Meenakshi Lekhi and Kerela Health Minister Veena George has been leaked.
In 2021, reports came out that the CoWIN portal got hacked and resulting in the sale of data of 15 crore citizens. However, the reports were denied by the cyber security researchers.
In January this year, RS Sharma, CEO of the National Health Authority wrote on Twitter, "CoWIN has state-of-the-art security infrastructure and has never faced a security breach. Data of our citizens is absolutely "safe" and "secure". Any news about data leaks from CoWIN holds no merit".
After the latest data breach on Telegram, if anyone has contact with an individual, they can easily access their Aadhaar number, passport number, gender, birth date and location of the first dose of Covid Vaccine.
All India Trinamool Congress spokesperson Saket Gokhale shared screenshots of the data leak along with a Twitter thread. According to the tweet, details of TMC leader Derek O’Brien, Congress leaders P Chidambaram, Jairam Ramesh, and KC Venugopal are also disclosed publicly.
Apart from this, the personal details of journalists like Barkha Dutt, Rajdeep Sardesai, and others have also been leaked.
According to a report by India Today, the Union Health Ministry is actively working on a detailed report. The leaked data is being examined to determine the extent and impact of the incident, the report said citing sources.
However, the government has yet to respond officially to the allegations but the data breach has sparked serious concerns about the data security and privacy.