© The Indian Express Pvt Ltd
Tags:
Journalism of Courage
The Centre has taken note of an automated account on messaging platform Telegram that was allegedly sharing sensitive personal information of Indian citizens – including their Aadhaar and passport numbers – who signed up for the CoWIN portal for their Covid-19 vaccination.
The Indian Express has learnt that a probe is underway to assess the source of the alleged leak and if the data has fallen into the hands of people outside the government’s domain. The Telegram account was sharing personal information of high-profile politicians from across political parties and senior bureaucrats, apart from regular individuals.
“We have certainly taken cognisance of the issue and have initiated a probe into the root cause and whether the data is coming from CoWIN or some other source,” a senior official from the Electronics and IT Ministry told The Indian Express.
The alleged leak could impact more than 1oo core individuals who have secured vaccinations after signing up through the CoWIN portal. This includes more than 4 crore children between the age of 12-14 and over 37 crore people over the age of 45, a significant part of which could be senior citizens.
The Telegram account, which has been inactive since Monday morning, was showing personal details of people when the phone number through which they had signed up for the CoWIN portal was messaged to the automated account, known as a bot in common parlance.
The Telegram bot showed the name of the person, the government ID they used while getting the vaccination and where they got their vaccination. In fact, the bot was also able to reveal all the people that were registered to CoWIN through the same phone number – the portal allows for one person to create accounts of multiple individuals using the same phone number.
According to Saket Gokhale, national spokesperson of the Trinamool Congress, the bot allegedly revealed personal information of Rajya Sabha MPs Sanjay Raut and Derek O’Brien, and former Union Minister P Chidambaram, among others.
In January last year, RS Sharma, CEO of the National Health Authority (NHA) claimed that CoWIN has “state-of-the-art security infrastructure” and has “never faced a security breach”. Sharma, who is a key figure behind the CoWIN portal, did not respond to requests for comment about the alleged data breach.
Since Monday morning, the bot has been inactive on Telegram, with a message on a corresponding group reading: “Aadhaar and number search mode is not available right now”. The bot was taken down after some media outlets reported on its existence and how it was functioning.
