A major data breach exposing personal details of users through the government’s CoWIN portal on Telegram has been reported on June 12. Union Minister of IT, Rajeev Chandrasekhar, has confirmed the breach and revealed that the data that has surfaced is from previously breached or stolen data. He emphasized that the CoWIN app or database itself did not get directly breached.

Minister Chandrasekhar further addressed the issue by stating that the National Data Governance policy has been finalized to establish a common framework of data storage, access, and security standards across the government.

The leaked personal user details on Telegram included identification numbers such as Aadhaar, passport, or PAN card, as well as gender, date of birth, and the vaccination center where the user received the shot. Even if users had used their mobile numbers instead of Aadhaar numbers, their information could still be accessed. Additionally, the passport numbers of individuals who updated their CoWIN portal for international travel were also exposed.

The Health Ministry has acknowledged the CoWIN data breach in an official statement, refuting reports claiming that the Co-WIN portal is unsafe and emphasizing that it has safeguards in place for data privacy. The ministry has requested the Indian Computer Emergency Response Team (CERT-In) to investigate the issue and provide a report.

The ministry clarified that without an OTP (One-Time Password), vaccinated beneficiaries’ data cannot be shared with any BOT. For adult vaccination, only the Year of Birth (YOB) is captured, contrary to claims made in media posts suggesting that the BOT also mentioned the Date of Birth (DOB). Furthermore, the ministry stated that there is no provision to capture the address of the beneficiary.

To address the breach, the Union Health Ministry has initiated an internal exercise to review the existing security measures of CoWIN. The ministry is taking the matter seriously and is committed to ensuring the privacy and security of user data on the CoWIN portal.

A major data breach exposing personal details of users through the government’s CoWIN portal on Telegram has been reported on June 12. Union Minister of IT, Rajeev Chandrasekhar, has confirmed the breach and revealed that the data that has surfaced is from previously breached or stolen data. He emphasized that the CoWIN app or database itself did not get directly breached.

Minister Chandrasekhar further addressed the issue by stating that the National Data Governance policy has been finalized to establish a common framework of data storage, access, and security standards across the government.

The leaked personal user details on Telegram included identification numbers such as Aadhaar, passport, or PAN card, as well as gender, date of birth, and the vaccination center where the user received the shot. Even if users had used their mobile numbers instead of Aadhaar numbers, their information could still be accessed. Additionally, the passport numbers of individuals who updated their CoWIN portal for international travel were also exposed.

The Health Ministry has acknowledged the CoWIN data breach in an official statement, refuting reports claiming that the Co-WIN portal is unsafe and emphasizing that it has safeguards in place for data privacy. The ministry has requested the Indian Computer Emergency Response Team (CERT-In) to investigate the issue and provide a report.

The ministry clarified that without an OTP (One-Time Password), vaccinated beneficiaries’ data cannot be shared with any BOT. For adult vaccination, only the Year of Birth (YOB) is captured, contrary to claims made in media posts suggesting that the BOT also mentioned the Date of Birth (DOB). Furthermore, the ministry stated that there is no provision to capture the address of the beneficiary.

To address the breach, the Union Health Ministry has initiated an internal exercise to review the existing security measures of CoWIN. The ministry is taking the matter seriously and is committed to ensuring the privacy and security of user data on the CoWIN portal.