Personal data of COVID vaccine recipients 'leaked on Telegram messenger'

CoWIN app
All the personal details that we furnished on the Central govt’s CoWIN portal in order to receive the COVID-19 vaccine are available on the Telegram app for anyone to freely access!

New Delhi: Personal details of citizens uploaded on the Central government’s CoWIN portal so as to receive the COVID-19 vaccine shots were available on the Telegram app for anyone to freely access for a period of time.

Independently verified by Malayala Manorama newspaper and claimed by a Twitter thread this morning with screenshots of the same, if the mobile number of a person was entered, details such as the identification number of the document submitted for vaccination (Aadhaar, passport, PAN card and so forth), gender, date of birth, and the centre where the vaccine was administered, were provided as reply in an instant by the messenger bot in question.

These details could be accessed even if the Aadhaar number was entered instead of the phone number. The passport numbers of those who had updated the CoWIN portal for travel abroad were also leaked.

The details of all those who have registered their names on the CoWIN portal under the same phone number were available in the first instance itself.

Members of many families had registered themselves under a single phone number. So the details about other members of the family were also available on the app.

In contrast, such details are made available on the CoWIN portal only if the One Time Password (OTP) is entered into one’s phone after the number is given. But these details were available on the Telegram channel through a bot without the OTP.

Health secretary’s details on Telegram

When the phone number of Rajesh Bhushan, the secretary to the Union health ministry, was entered, details such as his date of birth, the last four digits of his Aadhaar card, the four digits of the Aadhaar number of his wife Ritu Khanduri Bhushan, who is the MLA from Kotdwar constituency in Uttarakhand, her date of birth, and the place where she was administered the vaccine were available.

The data breach seems to have leaked the details of prominent politicians, especially Opposition leaders, and journalists as well. 

Meanwhile, Saket Gokhale, the national spokesperson for the Trinamool Congress, tweeted some of the names with screenshots of their 'leaked' data on Telegram.

Rajya Sabha MP and TMC leader Derek O'Brien, former Union Minister P Chidambaram, Congress leaders Jairam Ramesh and K C Venugopal, journalists Rajdeep Sardesai of India Today and Barkha Dutt of Mojo Story were among the names revealed by Gokhale furnishing screenshots.

He called the 'leak' a matter of serious concern and asked why isn't the Modi government aware of the leak and why haven't the people been informed of such a data breach of scale.

The bot was blocked soon after the reports of the leak emerged. The authorities concerned are yet to respond to the damning revelation. 

The comments posted here/below/in the given space are not on behalf of Onmanorama. The person posting the comment will be in sole ownership of its responsibility. According to the central government's IT rules, obscene or offensive statement made against a person, religion, community or nation is a punishable offense, and legal action would be taken against people who indulge in such activities.