CoWIN Data leak! Aadhaar, PAN Card info, shared on Covid vaccination portal, made public by Telegram: Report
3 min read 12 Jun 2023, 11:34 AM ISTPersonal information of Indian citizens, including Aadhaar and PAN card details, are reportedly available on Telegram due to a data breach caused by the CoWIN portal
PremiumA shocking report of the data breach of Indian citizens, including high-profile political leaders emerged on Monday. The report claimed that the personal information of all Indian citizens, who registered themselves on the CoWIN portal--a government-run Covid vaccination portal, is available on Telegram. According to a report by The Fourth News, personal information of Indian citizens, including their Aadhaar card, and PAN card details are available on messaging platform Telegram.
The report said that when a mobile number registered with the CoWIN portal is entered, the Telegram bot discloses the number of the ID card used for vaccination along with gender, birth year, and name of the vaccination centre, and his/her doses. With this massive data breach, the Aadhaar card, voter ID, and PAN card numbers of Indian citizens are accessible to anyone on Telegram.
Mint could not independently verify this report.
In the latest update, the developers of the Telegram bot that exposed the sensitive information from the leaked Co-WIN database are disabled now. The developers of the bot took the step after Manorama broke the story. Officials told Hindustan Times, Livemint's sister organisation that whenever such a report emerges a thorough audit is conducted to check database access.
In another development, the Centre has also responded to the news report. Government officials told CNBC TV-18, they have found "discrepancies in data leak of the screenshots of the CoWIN app".
Government officials have also rejected the hacking of the CoWIN app but added they are probing if there was any unauthorised access to the CoWIN app.
According to the Malayalam daily, the secretary of the Union Health Ministry Rajesh Bhushan was among the victims of the data leak. The report claimed that when Bhushan's number was entered, details including the final four letters of the Aadhaar number and Date of Birth were revealed along with similar details of his wife Ritu Khanduri, Uttarakhand MLA from Kotdwar.
Apart from these leaders, personal details of Ram Sewak Sharma, chairman of CoWin high power panel, Kerala Health Minister Veena George, Congress General Secretary KC Venugopal, and Union Minister of State Meenakshi Lekhi have been leaked.
In 2021, reports emerged that CoWIN portal got hacked, and resulted in the sale of the database of 15 crore people. However, cyber security researchers denied the claim.
In fact, in January this year, RS Sharma, Chief Executive Officer of the National Health Authority vouched for the CoWIN portal. He tweeted, "CoWIN has state-of-the-art security infrastructure and has never faced a security breach. Data of our citizens is absolutely "safe" and "secure". Any news about data leaks from CoWIN holds no merit".
In the latest leak on the Telegram app, if anyone has contact with an individual, then they can easily access their gender, passport number/ Aadhaar number, location of the first dose of Covid vaccine, and date of birth.
Trinamool Congress leader Saket Gokhale has also expressed concern regarding this latest data breach of citizens and high-profile people.
Gokhale wrote on Twitter, "There has been a MAJOR data breach of Modi Govt where personal details of ALL vaccinated Indians including their mobile nos., Aadhaar numbers, Passport numbers, Voter ID, Details of family members, etc. have been leaked & are freely available".
Gokhale shared screenshots where details of TMC leader Derek O'Brien, and Congress leader P Chidambaram KC Venugopal are also out publicly. Besides, the personal information of journalists like Rajdeep Sardesai, Barkha Dutt, and others has also been leaked.