In a major data breach, personal details of those who registered on the CoWIN portal to get their coronavirus vaccines has allegedly been leaked on messaging platform Telegram, reported The News Minute on Monday.

A bot on a Telegram group was providing details like names, date of birth, phone number as well as passport or Aadhar number of individuals who registered for vaccinations on the government-run CoWIN portal.

The breach was first reported by The Fourth, a Malayalam news portal which accessed details of Kerala Health Minister Veena George, CoWIN high power panel Chairperson Ram Sewak Sharma, Congress General Secretary KC Venugopal and Union Minister Meenakhi Lekhi.

More than 110 crore persons have registered on the CoWIN app.

The data breach was confirmed by The News Minute, which got access to details of Lok Sabha MP Kanimozhi Karunanidhi, Telangana minister Kalvakuntla Taraka Rama Rao, Former Union minister Harsh Vardhan, Bharatiya Janata Party Tamil Nadu chief K Annamalai and Congress MP Karti Chidambaram through the bot on the Telegram group. All of them expect Vardhan confirmed the veracity of the details the news portal got from the bot.

To access the details, one has to only provide the phone number or Aadhaar number of an individual registered with the CoWin app and the bot fetched the remaining details, according to The News Minute. The bot was taken down around 9 am on Monday, The News Minute reported.

This is not the first time that a breach has been reported in the CoWIN database. In June 2021, a hacker group named Dark Leak Market had claimed that it had access to the database of about 15 crore Indians who registered on the portal.

CoWIN high power panel Chairperson Ram Sewak Sharma, who is also the chief executive officer of the National Health Authority, had then refuted the claims, saying that the vaccination data is in “a safe and secure digital environment”.

Sharma again refuted the claims of data breach after The News Minute informed him about the Telegram bot.

“How can there be a breach of data?” he asked. “Give me the proof, because when you enter a phone number, the One Time Password comes only to that phone number. It is not possible for anyone to access others’ details.”

On Monday, Trinamool Congress spokesperson Saket Gokhale described the leak as a “matter of serious national concern”.

“Why is the Modi government including home ministry not aware of this leak and why haven’t Indians been informed about a data breach?” he asked in a series of tweets. “Who has the Modi government given access to sensitive personal data of Indians incl[uding] Aadhaar and Passport numbers which enabled this leak?”