Aadhaar, PAN card data of COVID vaccine takers’ leaked on Telegram via CoWIN portal: Report

CoWIN data breach: who has been affected and how?

A Malayalam news portal, The Fourth News, has reported that the breach occurred due to vulnerabilities in the CoWIN portal. This portal was used by people to register their personal information for Covid vaccination purposes.

The report highlighted that when a phone number registered with the CoWIN portal is entered, a Telegram bot shares the corresponding ID card number used for vaccination, along with other details, including the users’ gender, birth year, name of the vaccination center, and vaccine doses information.

This breach has resulted in the exposure of crucial data such as the Aadhaar card, voter ID, and PAN card numbers of citizens, making them accessible to anyone on Telegram.

The list has some prominent names, including Rajya Sabha MP and TMC Leader Derek O’Brien, former Union Minister P. Chidambaram, Congress leaders Jairam Ramesh and K.C. Venugopal, chairman of CoWin high power panel Ram Sewak Sharma, Union Minister of State Meenakshi Lekhi, and several others.

In 2021, there were reports suggesting that the CoWIN portal had been hacked, leading to the alleged sale of the personal data of 15 crore individuals. However, cybersecurity researchers have denied these claims and found no evidence to support them.

In fact, as recently as January this year, RS Sharma, the Chief Executive Officer of the National Health Authority, assured the public that the data of citizens stored in the CoWIN portal is completely safe and secure.