In a concerning development, data and personal information of citizens who registered on the CoWIN app for Covid-19 vaccination, are allegedly now available freely on Telegram app. The information can be accessed easily using a Telebram bot. According to media reports, the bot has been allegedly giving away details like date of birth, phone number, Aadhar details, PAN number, and even passport details, among others and the same can be accessed by anyone.
The information can be easily fetched by entering the phone number or Aadhar number of an individual.
According to a report by The News Minute, that attempted to access the details using the bot, details of several politicians such as Telangana's Minister of Information and Communication Technology Kalvakuntla Taraka Rama Rao (popularly known as KTR), DMK Member of Lok Sabha Kanimozhi Karunanidhi, BJP Tamil Nadu President K Annamalai, Congress Member of Lok Sabha Karti Chidambaram, and Former Union Minister of Health Harsh Vardhan of the BJP, were easily accessed. And the details were verified.
A tweet by All India Trinamool Congress spokesperson Saket Gokhale revealed the details of Rajya Sabha MP and TMC leader Dered O'Brien, former Union Minister P Chidambaram, Congress leaders Jairam Ramesh and K C Venugopal, journalists Rajdeep Sardesai (India Today) and Barkha Dutt (Mojo Story), have also been leaked in a similar way.
Gokhale took to Twitter to write, "There has been a MAJOR data breach of Modi Govt where personal details of ALL vaccinated Indians including their mobile nos., Aadhaar numbers, Passport numbers, Voter ID, Details of family members etc. have been leaked & are freely available."
During the vaccination drive, most Indians had registered on CoWIN using their phone numbers. On CoWIN app, the details of registered users are only visible after entering a one-time password (OTP). In contrast, using the Telegram bot, details could be acessed without the use of an OTP.
According to TNM, when RS Sharma, the Chief Executive Officer of the National Health Authority, who had vouched for CoWIN to be “safe and secure” in January last year, was reached out, he refused to comment on the data breach. He said that the same is possible only via OTP.
When the phone number of Rajesh Bhushan, the Union Secretary to the Ministry of Health was entered on Telegram bot, the details along with his wife's details, who is an MLA from the Kotdwar Constituency in Uttarakhand, were revealed, according to a report by Malayala Manorama.
Further, Gokhale on Twiter addressed the government and raised several questions about the data breach. "How did personal details incl passport no, Aadhaar no., etc. get leaked when Modi Govt claims it follows "strong data security"? Why is the Modi Govt incl Home Ministry NOT AWARE of this leak & why haven't Indians been informed about a data breach?Who has the Modi Govt given access to sensitive personal data of Indians incl Aadhaar & Passport nos. which enabled this leak? (sic)", he wrote.
"This is a matter of serious national concern. And predictably, the Minister in-charge of this is @AshwiniVaishnaw who heads the Electronics, Communications, & IT portfolios in addition to Railways. How long will incompetence of @AshwiniVaishnaw be ignored by PM Modi?" he asked.
The authorities have yet to issue an official satement on the massive data breach.