CoWIN data breach: Covid vaccine recipient's data leaked on Telegram
In one of India's most significant data breaches, a Telegram bot leaked phone numbers, Aadhaar numbers, date of birth (DoB) and other vital details of all those vaccinated using the CoWIN platform. Essentially, this means that everyone vaccinated against covid in India in the last three years is at risk of having their details leaked in public. The Telegram bot, which was likely active for days and shared details of everyone who got vaccinated in India, was suspended on Monday morning.
However, before it was suspended, the bot shared details of people who took the Covid vaccine in India whenever asked for a phone number. In response to the prompts, the bot shared the following information: Name, Mobile number, Aadhaar number or passport number if the passport was used, Voter ID, if available, Place of vaccination, Birthdate, and Address (In some cases).
Interestingly, the bot obtained the details of all the people who had used a particular number to receive the vaccine. So, for example, if the number was used to register the whole family for vaccination, details of all family members are available.
Malayala Manorama first reported the CoWIN data leak report. The report stated that the personal details (Aadhaar number, mobile phone number, name, date of birth and more) of those who took the Covid vaccine were leaked online.
Along with a screenshot of his likely data leak on the Telegram bot, MP Karti Chidambaram share on Twitter, "In its Digital India frenzy, GoI has woefully ignored citizen privacy. Personal data of every single Indian who got COVID-19 vaccination is publicly available. Including my own data. Who let this happen? Why is GoI sitting on a data protection law? @AshwiniVaishnaw must answer."
Sharing the news on her Twitter handle, member of Parliament Supriya Sule said, "The government owes us immediate clarification and must ensure those responsible for this breach are held accountable."
In January 2022, the CEO of the National Health Authority, RS Sharma, said, "#CoWIN has state-of-the-art security infrastructure and has never faced a security breach. Data of our citizens on CoWIN is absolutely #safe and #secure. Any news about data leaks from CoWIN holds no merit"
Responding to the data breach, Meity said, "It is old data, we are still verifying it. We have sought a report regarding the same."