The personal data of individuals who registered on the central government’s CoWIN portal to receive COVID-19 vaccines has been acquired by unknown hackers group. Twitter handle used by the hackers is @anonymous_leak1, which is now blocked by twitter.
The suspected hackers claim to have acquired complete data of more than a billion records that include every entity who has vaccinated in India.
According to multiple reports, a sample set of data is made available by the suspect hackers with data (such as Aadhaar, passport, or Phone Numbers) used for vaccination including details like gender, date of birth and the vaccination centre where the shot was administered. With this major data leak, the PAN Card, voter ID and Aadhaar card numbers of Indian citizens are accessible to anyone on Darkweb.
As per the report, the passport details of the individuals who updated their CoWIN portal for international travel were also leaked.
According to Malayalam newspaper Malayala Manorama, the secretary of the Union Health Ministry Rajesh Bhushan was among the victims of the data breach. Bhushan’s number was entered and details including the last four letters of the Aadhaar number and birth date were disclosed along with details of his wife Ritu Khanduri, MLA from Kotdwar, Uttrakhand.
Data of armed forces is also leaked in the billion records leak, probably the biggest data leak in known history.
In addition, the personal information of Ram Sewak Sharma, chairman of CoWIN high power panel, Congress General Secretary KC Venugopal, Union Minister of State Meenakshi Lekhi and Kerela Health Minister Veena George has been leaked.
In 2021, reports came out that the CoWIN portal got hacked and resulting in the sale of data of 15 crore citizens. However, the reports were denied by the cyber security researchers.
In January this year, RS Sharma, CEO of the National Health Authority wrote on Twitter, "CoWIN has state-of-the-art security infrastructure and has never faced a security breach. Data of our citizens is absolutely "safe" and "secure". Any news about data leaks from CoWIN holds no merit".
After the latest data breach on Telegram, if anyone has contact with an individual, they can easily access their Aadhaar number, passport number, gender, birth date and address.
Apart from this, the personal details of journalists like Barkha Dutt, Rajdeep Sardesai, and others have also been leaked.
According to a report by India Today, the Union Health Ministry is actively working on a detailed report. The leaked data is being examined to determine the extent and impact of the incident, the report said citing sources.
However, the government has yet to respond officially to the allegations but the data breach has sparked serious concerns about the data security and privacy.