Aadhaar, PAN data of COVID vaccine takers leaked on Telegram via CoWIN: Report

tech.hindustantimes.com:

There is alarming news about a major data breach that has put citizens' personal information at risk in our country. The breach includes important details such as PAN and Aadhaar card information. Shockingly, this leaked data has been discovered on the messaging platform Telegram.

The Fourth News has reported that the breach occurred due to vulnerabilities in the CoWIN portal. Many people used this portal to register their personal information for Covid vaccination purposes.

According to the report, when a phone number registered with the CoWIN portal is entered, a Telegram bot shares the corresponding ID card number that was used for vaccination. Along with that, it also reveals other details like the user's gender, birth year, the name of the vaccination centre, and information about the vaccine doses.

In the latest update, the developers of the Telegram bot responsible for exposing sensitive information from the leaked Co-WIN database have now been disabled. This action was taken after Manorama broke the story. Government officials mentioned that a thorough audit is being conducted whenever such reports emerge to check database access.

Furthermore, the government has responded to the news report, stating that discrepancies have been found in the leaked screenshots of the CoWIN app. They have denied any hacking of the CoWIN app but are investigating the possibility of unauthorised access.

According to a Malayalam daily, the Secretary of the Union Health Ministry, Rajesh Bhushan, was among the victims of the data leak. The report claimed that when Bhushan's number was entered, details including the last four digits of the Aadhaar number and date of birth were revealed, along with similar information about his wife, Ritu