A massive data breach of the CoWIN portal, the central platform for COVID-19 vaccination registration in India, has put the personal data of Indian citizens at risk. The alleged CoWIN data breach has put the personal information of every Indian citizen who is registered with the CoWIN portal available on messaging app Telegram. According to the official portal, CoWIN boasts a user base of over one billion registered users. Political leaders and privacy watchers have started sharing the screenshots of the apparent leaked data.
The CoWIN data breach incident has raised concerns over the portal’s security and the rise of hackers targeting Indian government and institutions. The accessibility of Aadhaar cards, Voter IDs, and PAN Card numbers on Telegram is a grave matter that demands urgent attention.
According to regional political leader Saket Gokhale, when a mobile number registered with the CoWIN portal is entered into a Telegram bot, it discloses the number of the ID card used for vaccination, along with details such as gender, year of birth, and the name of the vaccination center where the individual received their doses. Moreover, this data leak has also exposed the Aadhaar card, Voter ID, and PAN Card numbers of thousands of Indian citizens, rendering them accessible to anyone on Telegram.
While the CoWIN portal supposedly had a One Time Password (OTP) security system, it remains unclear how this data leak occurred on Telegram.
The CoWIN hacking and data breach incidents put sensitive data at risk. The authorities must investigate this breach thoroughly, identify the vulnerabilities in the system, and take immediate steps to strengthen the security infrastructure to prevent such incidents in the future.
The privacy and personal information of Indian citizens must be safeguarded, and trust in the CoWIN platform must be restored. The Cyber Express team has reached out to the Ministry of Health and Family Welfare to confirm the CoWIN data breach. However, at the time of writing, no official response had been received.
Various news reports have confirmed that if multiple individuals had registered from the same mobile number, the Telegram bot would reveal the details of all individuals in one go. This means that if a family had booked vaccine slots for multiple members using the same mobile number, their personal information would be exposed collectively.
Personal identification information of several top political leaders including India’s Former Union Minister P. Chidambaram, Secretary of the Union Health Ministry, Rajesh Bhushan and his wife, Ritu Khanduri Bhushan who is a Member of the Legislative Assembly from Uttarakhand, Central opposition leaders Jairam Ramesh and K.C. Venugopal, have been exposed.
The CoWIN hacking incident and the need for better security measures
The CoWIN data breach has highlighted the need for improving the security measures of the CoWIN portal. Healthcare organizations and institutions must ensure that they adopt robust cybersecurity measures to protect personal information and sensitive data from malicious attacks.
To prevent such instances, the cybersecurity infrastructure of institutions needs to be constantly updated. While cybersecurity threats have been prevalent for some time, the urgency of putting in place adequate countermeasures has increased with the rise in digitization and reliance on technology to access critical systems.
The CoWIN hacking and data breach incidents put sensitive data at risk. The authorities must investigate this breach thoroughly, identify the vulnerabilities in the system, and take immediate steps to strengthen the security infrastructure to prevent such incidents in the future.
India is not alone in facing such cybersecurity breaches. In recent years, various countries worldwide have experienced similar incidents. It is essential that healthcare organizations and stakeholders take cybersecurity seriously by investing in improved technologies and robust cybersecurity measures.
In conclusion, the CoWIN data breach has put personal information at risk on Telegram, exposing the vulnerabilities in the CoWIN portal’s security system. The Indian government must take immediate action to tighten the portal’s security measures and restore the people’s trust in the system. The accessibility of Aadhaar cards, Voter IDs, and PAN Card numbers on Telegram must be addressed urgently to safeguard Indian citizens’ privacy and personal information.