Chandrasekhar clarified in a tweet that the bot was accessing data that had been previously stolen in a separate leak, and there is no evidence to suggest that the CoWIN database itself was directly breached. However, he did not specify the source of the breach from which the data originated.
COWIN data leak on Telegram channel alleged; Centre says portal ‘safe’
According to media reports, a bot on Telegram was disclosing personal information of Indian citizens, such as mobile numbers, Aadhaar numbers, passport numbers, voter ID details, and family member information. These reports suggested that the data originated from the CoWIN database, which was used by Indian residents for registering COVID-19 vaccinations. However, Minister of State for Information Technology Rajeev Chandrasekhar has refuted this claim.
In a notable data breach, it has been reported that the personal information of hundreds of thousands of Indian individuals who received the Covid vaccine was allegedly leaked on a Telegram channel. According to various sources, this breach revealed critical details such as registered phone numbers from the Union Ministry of Health’s CoWin portal, gender, ID card information, and date of birth. The leaked information could be accessed through a Telegram bot by entering an individual’s name.
Media reports indicate that even prominent figures, including Kalvakuntla Taraka Rama Rao (popularly known as KTR), the Minister of Information and Communication Technology of Telangana, Kanimozhi Karunanidhi, a Member of Parliament (MP) from the Dravida Munnetra Kazhagam (DMK) party, K Annamalai, the Bharatiya Janata Party (BJP) President of Tamil Nadu, Karti Chidambaram, a Congress MP, and Harsh Vardhan, a former Union Minister of Health from the BJP, were among those whose personal information was exposed.
In a tweet, Chandrasekhar stated that the bot was accessing data that had been stolen in a previous leak, and there is no clear indication of a direct breach in the CoWIN database. However, he did not provide specific details regarding the source of the breach. Chandrasekhar credited this information to the Indian Computer Emergency Response Team (CERT-IN), which is responsible for addressing cybersecurity threats and has been assigned to investigate the matter and prepare a report.
Following media reports, the bot responsible for the data leak was disabled; however, experts have expressed serious concerns about the incident, as the leaked data could potentially be exploited for identity theft, phishing emails, scams, and extortion calls. The Indian Computer Emergency Response Team (CERT-In), the government’s nodal agency for cybersecurity, has launched an inquiry into the matter. The government clarified that the reports of a data leak from the repository of Covid vaccine beneficiaries were misleading, stating that the bot did not directly access the CoWIN database.
According to the initial report by CERT-In, the bot might have been displaying information from previously stolen data. The Ministry of Health denied any breach and emphasized that the data could not be accessed by any bot without authenticating using a one-time password. The ministry stated that the CoWIN portal is secure, with robust measures in place for data privacy, including a web application firewall, anti-DDoS, SSL/TLS, regular vulnerability assessments, and identity and access management.
Minister of State for Information Technology Rajeev Chandrasekhar tweeted that there seemed to be no direct breach of the CoWin application or database, and the shared data appeared to originate from a prior breach. However, this breach highlights the persistent threat of cyber threats, particularly targeting government websites. Earlier this year, cybercriminals hacked the servers of the All India Institute of Medical Sciences.
Although the exact number of individuals affected by the privacy breach on CoWIN has not been confirmed, recent data suggests that over 95% of adult Indians have received their vaccines. As of now, the total number of vaccine doses administered stands at approximately 2.2 billion. In 2021, a cyber intelligence firm, Cyfirma, had issued a warning about potential attacks on CoWIN servers by hackers from China and North Korea.