CoWin data breach: Personal details of India's Covid vaccine recipients leaked on Telegram, govt refutes reports

12 June,2023 07:05 PM IST |  Mumbai  |  mid-day online correspondent

Government of India has refuted media reports of a major data breach in the Covid vaccination portal CoWIN. The reports allege a breach of data from the Co-WIN portal of the Union Health Ministry, which is the repository of all data of beneficiaries who have been vaccinated against Covid

Screenshot of leaked details of Congress leader P Chidambaram by Telegram bot (Credit: Saket Gokhale)


Government of India has refuted media reports of a major data breach in the Covid vaccination portal CoWIN. The reports allege a breach of data from the Co-WIN portal of the Union Health Ministry, which is the repository of all data of beneficiaries who have been vaccinated against Covid.

In a statement, the Union Health Ministry said: "Certain posts on the social media platform Twitter have claimed using a Telegram (online messenger application) BOT, the personal data of individuals who have been vaccinated is being accessed. It is reported that the BOT has been able to pull individual data by simply passing the mobile number or Aadhaar number of a beneficiary," the statement said.

Earlier, claims of a massive data breach emerged on Monday. The purported breach has affected all Indian citizens - including high-profile political leaders - who had uploaded their information on the CoWIN vaccination portal. The leaked data is reportedly available on social media platform Telegram and can now be accessed by any user. The data includes personal information of Indian citizens, including their Aadhaar card, and PAN card details.

The list of people whose data has been leaked includes Telangana's minister of information and communication technology, Kalvakuntla Taraka Rama Rao (popularly known as KTR), DMK MP (member of Parliament) Kanimozhi Karunanidhi, BJP Tamil Nadu president K Annamalai, Congress MP Karti Chidambaram and former union minister of Health Harsh Vardhan of the BJP, according to a media report.

The development was flagged by Opposition leaders including TMC's Saket Gokhale who tweeted his interactions with the Telegram chatbot.

A news report said that when a mobile number registered with the CoWIN portal is entered, the Telegram bot discloses the number of the ID card used for vaccination along with gender, birth year, and name of the vaccination centre, and his/her doses. With this massive data breach, the Aadhaar card, voter ID, and PAN card numbers of Indian citizens are accessible to anyone on Telegram.

Midday could not independently verify this report.

Sharing the news on her Twitter handle, member of Parliament Supriya Sule said, "The government owes us immediate clarification and must ensure those responsible for this breach are held accountable."

Sharing a screenshot of his alleged data leak on the Telegram bot, MP Karti Chidambaram wrote on Twitter, "In its Digital India frenzy, GoI has woefully ignored citizen privacy. Personal data of every single Indian who got COVID-19 vaccination is publicly available. Including my own data. Who let this happen? Why is GoI sitting on a data protection law? @AshwiniVaishnaw must answer."

"Exciting news! Mid-day is now on WhatsApp Channels Subscribe today by clicking the link and stay updated with the latest news!" Click here!
indian government news Covid 19 Coronavirus india India news health minister
Related Stories