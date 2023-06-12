Personal information of Indians, including their Aadhaar and passport details, phone number, date of birth and gender, were available on the Telegram app for a brief period of time, according to recent reports and social media posts, which pointed at a security breach related to the CoWIN portal where all these details were available.

It was found that if a phone number was given to a messenger bot, it delivered all of this information, including the location where the Covid vaccination was administered. Apparently, the bot became inactive this morning. As per the reports and screenshots shared on social media, the list of the popular personalities whose data has been leaked include Meenakshi Lekhi, P Chidambaram, K C Venugopal, Veena George, Jairam Ramesh, Kalvakuntla Taraka Rama Rao aka KTR, K Annamalai and Harsh Vardhan.

News18 could not independently verify the claims and has reached out to the Ministry of Electronics and Information Technology (MiETY) as well as Indian Computer Emergency Response Team (CERT-In) for further understanding.

Supreme Court lawyer and cybersecurity expert, Dr Pavan Duggal called this incident a “wake-up call”. “The information that has come out in the public domain has question marks because such details would otherwise not be available in this format. Prima facie, it looks like some kind of data breach.”

“If this kind of data is generated, it obviously shows connection to the CoWIN database. But only a proper criminal investigation would reveal whether there was a data breach targeting critical infrastructure or not and CERT-In can also do a cybersecurity analysis,” he said.

WHAT HAPPENED IN 2021?

In 2021, when reports claimed that there was a possible Cowin data breach, the government had denied the claims.

RS Sharma, CEO of the National Health Authority, had vouched for the CoWIN portal, stating it has state-of-the-art security infrastructure and has never faced a security breach.

“Data of our citizens on CoWIN is absolutely #safe and #secure. Any news about data leaks from CoWIN holds no merit,” he tweeted.

ABSOLUTE SECURITY A MYTH

Dr Duggal, however, said that absolute security doesn’t exist and what was secured yesterday may not be secured today or tomorrow. “If any entity says we are 100% safe, that is not accurate. But we have to find the loopholes which could potentially be misused by cybercriminals,” he added.

According to the cyber expert, only an investigation can tell whether the latest findings are the result of a new hack or a 2021 data breach, but this is a serious case. “This data, which includes all sorts of personal details, can be used to conduct targeted attacks by other cybercriminals,” he said.