The personal information of individuals who registered on the Indian government's CoWIN portal to receive COVID-19 vaccines was accidentally made accessible via a Telegram bot for a certain period of time. This information was independently verified by the Malayala Manorama newspaper and supported by a Twitter thread by All India Trinamool Congress Spokesperson Saket Gokhale who shared screenshots of the leaked data.
According to the report and the spokesperson of TMC, data included details such as the person's identification number (such as Aadhaar, passport, or PAN card), gender, date of birth, and the vaccination center where the shot was administered. Even if the Aadhaar number was used instead of the phone number, the information could still be accessed. The passport numbers of individuals who updated their CoWIN portal for international travel were also exposed, according to the report.
Business Today could not independently verify the leaked data on Telegram.
Details Connected to Registered Phone Numbers
Initially, all the details of individuals who registered under the same phone number were accessible through the bot on Telegram. This means that if multiple family members registered using one phone number, their information was also available.
In contrast, the CoWIN portal requires individuals to enter a One Time Password (OTP) received on their phone to access such details. However, on the Telegram channel, this information was available without needing an OTP.
Also read: Google Pay users can now use Aadhaar for UPI activation; here's how
Prominent politicians, journalists' data seemed to have been leaked in this breach. Saket Gokhale, the national spokesperson for the Trinamool Congress, tweeted some of the names along with screenshots of their leaked data on Telegram. This includes politicians like Derek O'Brien, P Chidambaram, Jairam Ramesh, and K C Venugopal, as well as journalists Rajdeep Sardesai and Barkha Dutt.