Citizens' Personal Data Leaked on Telegram via Co-WIN. (HT_PRINT)

Private Data of Vaccine Recipients Leaked on Telegram Through CoWIN Platform

Nitin MisraJune 12, 23 Privacy, Security, Telegram

Disturbing reports have emerged regarding a significant data breach that has jeopardized the personal information of citizens in our nation. The breach encompasses crucial particulars, including PAN and Aadhaar card data. To make matters worse, this leaked information has been detected on the messaging app Telegram, which is a cause for concern.

The Fourth News has reported that the data breach was caused by vulnerabilities in the CoWIN portal. Many people used this portal to register their personal details for Covid vaccination purposes.

According to the report, when the phone number registered in the CoWIN portal is entered, the Telegram bot will share the corresponding ID card number used for vaccination. In addition to that, it also reveals other details such as the user’s gender, year of birth, the name of the vaccination center and information about vaccine doses.

In the latest update, the developers of the Telegram bot responsible for exposing sensitive information from the leaked Co-WIN database have now been disabled. This action was taken after Manorama broke the story. Government officials mentioned that whenever such reports surface, a thorough audit is conducted to verify access to the database.

In addition, the government has responded to the news report and stated that discrepancies have been found in the leaked screenshots of the CoWIN application. They have denied any hacking of the CoWIN app, but are investigating the possibility of unauthorized access.

According to a Malayalam newspaper, Union Health Ministry Secretary Rajesh Bhushan was among the victims of the data leak. The report alleged that when Bhushan’s number was entered, details were revealed, including the last four digits of the Aadhaar number and date of birth, along with similar information about his wife Ritu Khandur, who is an MLA from Uttarakhand.

In 2021, it was reported that the CoWIN portal was hacked and the database of 150 million people was sold. Cybersecurity researchers, however, disputed these claims.

Earlier this year, National Health Authority CEO RS Sharma confirmed the security of the CoWIN portal and stated that there had never been a data breach. He assured that citizens’ information is safe.

Trinamool Congress leader Saket Gokhale has expressed concern over this recent data breach affecting citizens and high-profile individuals. Gokhale tweeted about a major breach where personal data of all vaccinated Indians, including mobile numbers, Aadhaar numbers, passport numbers, voter IDs and family members’ details, has been leaked and is freely available.