Aadhaar, PAN data of COVID vaccine takers leaked on Telegram via CoWIN: Report

There is alarming news about a major data breach that has put citizens' personal information at risk in our country. The breach includes important details such as PAN and Aadhaar card information. Shockingly, this leaked data has been discovered on the messaging platform Telegram.

The Fourth News has reported that the breach occurred due to vulnerabilities in the CoWIN portal. Many people used this portal to register their personal information for Covid vaccination purposes.

According to the report, when a phone number registered with the CoWIN portal is entered, a Telegram bot shares the corresponding ID card number that was used for vaccination. Along with that, it also reveals other details like the user's gender, birth year, the name of the vaccination centre, and information about the vaccine doses.

In the latest update, the developers of the Telegram bot responsible for exposing sensitive information from the leaked Co-WIN database have now been disabled. This action was taken after Manorama broke the story. Government officials mentioned that a thorough audit is being conducted whenever such reports emerge to check database access.

Furthermore, the government has responded to the news report, stating that discrepancies have been found in the leaked screenshots of the CoWIN app. They have denied any hacking of the CoWIN app but are investigating the possibility of unauthorised access.

Speaking to HT Tech, Professor Sandeep Shukla, professor, IIT - Kanpur, said, “No system is 100% secure, and one has to evaluate risk continually and dynamically manage security posture based on threat perception. If instead we declare ourselves to be fully secure, none of that can happen.”

According to a Malayalam daily, the Secretary of the Union Health Ministry, Rajesh Bhushan, was among the victims of the data leak. The report claimed that when Bhushan's number was entered, details including the last four digits of the Aadhaar number and date of birth were revealed, along with similar information about his wife, Ritu Khanduri, who is an MLA from Uttarakhand.

In 2021, there were reports of the CoWIN portal being hacked and the sale of the database of 150 million people. However, cybersecurity researchers denied these claims.

Earlier this year, the CEO of the National Health Authority, RS Sharma, confirmed the security of the CoWIN portal, stating that there had never been a security breach. He assured that the data of citizens is safe and secure.

Trinamool Congress leader Saket Gokhale has expressed concern about this recent data breach affecting citizens and high-profile individuals. Gokhale tweeted about a major breach where personal details of all vaccinated Indians, including mobile numbers, Aadhaar numbers, passport numbers, voter IDs, and family member details, have been leaked and are freely available.