Massive Data Breach Exposes Personal Information of Indian Citizens on Telegram

Ahmedabad : A devastating data breach situation affecting Indian residents, including numerous prominent politicians, has lately come to light. Information on those who signed up for the government’s official Covid vaccination platform, the CoWIN site, was reportedly leaked into the messaging app Telegram on Monday. The information included on Indian people’ Aadhaar cards and PAN numbers is now accessible on Telegram, according to a report by the Fourth News.

The report highlighted that when a mobile number registered on the CoWIN portal is entered into the Telegram bot, it promptly reveals the corresponding ID card used for vaccination, along with other sensitive information such as gender, birth year, name of the vaccination center, and the number of vaccine doses received. This alarming data breach has left the Aadhaar card, voter ID, and PAN card numbers of Indian citizens exposed to anyone on the Telegram platform.

In response to this incident, the developers of the Telegram bot responsible for the leak have taken immediate action by disabling the bot. This move came shortly after the story was brought to light by Manorama. Officials, in collaboration with Hindustan Times, Livemint’s sister organization, assured that thorough audits are conducted whenever such reports emerge, aimed at evaluating database access and security protocols.

The government has acknowledged the news report and stated that there have been discrepancies found in the leaked screenshots of the CoWIN app. While denying any hacking of the CoWIN app, officials have launched an investigation into the possibility of unauthorized access to the application.

The data breach has affected not only the general population but also prominent figures. Reports indicate that Rajesh Bhushan, the secretary of the Union Health Ministry, has fallen victim to the breach. When Bhushan’s number was entered, the report claimed that the last four digits of his Aadhaar number and his date of birth were revealed. Similar details of his wife, Ritu Khanduri, who is a legislator from Kotdwar, Uttarakhand, were also exposed.

Other high-profile individuals impacted by the breach include Ram Sewak Sharma, chairman of the CoWin high-power panel, Kerala Health Minister Veena George, Congress General Secretary KC Venugopal, and Union Minister of State Meenakshi Lekhi.

It is important to note that earlier in 2021, reports emerged suggesting a hacking incident targeting the CoWIN portal, leading to the alleged sale of the database containing records of 150 million individuals. However, cybersecurity researchers later refuted these claims. As recently as January this year, RS Sharma, the CEO of the National Health Authority, vouched for the security of the CoWIN portal, assuring the public that it had never experienced any breaches and emphasizing the absolute safety and security of citizen data.

The latest leak on the Telegram app has raised serious concerns as it allows individuals with contact details to easily access sensitive information including gender, passport numbers, Aadhaar numbers, locations of the first Covid vaccine dose, and dates of birth.

Saket Gokhale, a leader from the Trinamool Congress, expressed deep concern over this extensive data breach affecting citizens and high-profile individuals. Gokhale took to Twitter to bring attention to the severity of the situation, revealing that personal details of all vaccinated Indians, including their mobile numbers, Aadhaar numbers, passport numbers, voter IDs, and even details of their family members, have been leaked and are freely available. Gokhale shared screenshots exposing compromised personal information of TMC leader Derek O’Brien, Congress leader P Chidambaram, KC Venugopal, and journalists like Rajdeep Sardesai and Barkha Dutt.