Personal data leak from CoWIN portal through Telegram, Govt begins probe

New Delhi: The Centre is said to have launched an investigation into an automated account on the messaging platform Telegram, which purportedly shared sensitive personal information of Indian citizens who registered on the CoWIN portal for their Covid-19 vaccination.

The alleged leak includes Aadhaar and passport numbers, potentially impacting over 100 million individuals who received vaccinations through the portal.

According to a report published in The Indian Express, the authorities have acknowledged the issue and are actively seeking the source of the alleged leak, as well as assessing whether the data has fallen into the wrong hands.

The Telegram account, which has since become inactive, was discovered to be sharing personal details of high-profile politicians, senior bureaucrats, and regular individuals who had signed up for the CoWIN portal.

The compromised information, accessible when users messaged the phone number they used to register on CoWIN to the automated account, included the individual's name, government ID used for vaccination, and vaccination location. Disturbingly, the bot could also unveil the details of other individuals registered on CoWIN through the same phone number, allowing for the potential exposure of numerous people's personal data.

Prominent figures allegedly affected by the breach include Rajya Sabha MPs Sanjay Raut, Derek O'Brien, and former Union Minister P Chidambaram, among others, according to Saket Gokhale, national spokesperson of the Trinamool Congress.

CoWIN, the government's vaccination portal, had previously emphasized its robust security infrastructure and claimed to have never experienced a security breach. However, questions have arisen regarding the data breach, and the CEO of the National Health Authority, RS Sharma, who played a key role in developing the CoWIN portal, has not yet responded to requests for comment on the matter.