Claims of a massive data breach emerged on Monday with the government later promising to look into the matter. The purported breach has affected all Indian citizens - including high-profile political leaders - who had uploaded their information on the CoWIN vaccination portal. The leaked data is reportedly available on social media platform Telegram and can now be accessed by any user.
According to a report by The Fourth News, personal information of Indian citizens, including their Aadhaar card, and PAN card details are available on messaging platform Telegram. The development was also flagged by Opposition leaders including TMC's Saket Gokhale who tweeted his interactions with the Telegram chatbot.
The report said that when a mobile number registered with the CoWIN portal is entered, the Telegram bot discloses the number of the ID card used for vaccination along with gender, birth year, and name of the vaccination centre, and his/her doses. With this massive data breach, the Aadhaar card, voter ID, and PAN card numbers of Indian citizens are accessible to anyone on Telegram.
Mint could not independently verify this report.
In the latest update, the developers of the Telegram bot that exposed the sensitive information from the leaked Co-WIN database are disabled now. The developers of the bot took the step after Manorama broke the story. Officials told Hindustan Times, Livemint's sister organisation that whenever such a report emerges a thorough audit is conducted to check database access.
In another development, the Centre has also responded to the news report. Government officials told CNBC TV-18, they have found "discrepancies in data leak of the screenshots of the CoWIN app".
Government officials have also rejected the hacking of the CoWIN app but added they are probing if there was any unauthorised access to the CoWIN app.
According to the Malayalam daily, the secretary of the Union Health Ministry Rajesh Bhushan was among the victims of the data leak. The report claimed that when Bhushan's number was entered, details including the final four letters of the Aadhaar number and Date of Birth were revealed along with similar details of his wife Ritu Khanduri, Uttarakhand MLA from Kotdwar.
Apart from these leaders, personal details of Ram Sewak Sharma, chairman of CoWin high power panel, Kerala Health Minister Veena George, Congress General Secretary KC Venugopal, and Union Minister of State Meenakshi Lekhi have been leaked.
In 2021, reports emerged that CoWIN portal got hacked, and resulted in the sale of the database of 15 crore people. However, cyber security researchers denied the claim.
In fact, in January this year, RS Sharma, Chief Executive Officer of the National Health Authority vouched for the CoWIN portal. He tweeted, "CoWIN has state-of-the-art security infrastructure and has never faced a security breach. Data of our citizens is absolutely "safe" and "secure". Any news about data leaks from CoWIN holds no merit".
Claims
In the latest leak on the Telegram app, if anyone has contact with an individual, then they can easily access their gender, passport number/ Aadhaar number, location of the first dose of Covid vaccine, and date of birth.
Trinamool Congress leader Saket Gokhale has also expressed concern regarding this latest data breach of citizens and high-profile people.
Gokhale wrote on Twitter, "There has been a MAJOR data breach of Modi Govt where personal details of ALL vaccinated Indians including their mobile nos., Aadhaar numbers, Passport numbers, Voter ID, Details of family members, etc. have been leaked & are freely available".
Gokhale shared screenshots where details of TMC leader Derek O'Brien, and Congress leader P Chidambaram KC Venugopal are also out publicly. Besides, the personal information of journalists like Rajdeep Sardesai, Barkha Dutt, and others has also been leaked.
The government has responded to the claims of CoWIN data leak, saying that the reports of a breach are “mischievous in nature". The government has also maintained that the data is “completely safe”.
In a press release, the government said, “It is clarified that all such reports are without any basis and mischievous in nature. CoWIN portal of Health Ministry is completely safe with adequate safeguards for data privacy.”
“Only OTP authentication-based access of data is provided. All steps have been taken and are being taken to ensure security of the data in the CoWIN portal,” it said.
Catch all the Business News , Breaking News Events and Latest News Updates on Live Mint. Download The Mint News App to get Daily Market Updates.