COVID-19 Data, Phone Numbers of Thousands Leaked; Govt Denies Co-WIN Breach

The personal data was put on sale on the Raid Forums website.

2 min read
Hindi Female
Edited By :Tejas Harad

A government server was subject to a data breach, with names, phone numbers, addresses, and COVID-19 results of thousands of people being leaked online and put on sale on the Raid Forums website.

As per a report by PTI, a cyber criminal on the website claims to have access to personal data belonging to 20,000 people.

Cyber security researcher Rajshekhar Rajaharia on Wednesday, 19 January, took to Twitter to say that personally identifiable information (PII) has been made public through a content delivery network (CDN) and Google has indexed lakhs of these public and private documents possessed by the government.

In a follow-up post on Thursday, Rajaharia said that his intention is not to highlight any digital vulnerability, but caution people to stay vigilant in the face of fraud calls, offers related to COVID-19, among others.


As per the PTI report, the Ministry of Electronics and IT has not yet responded to a query on the matter.

The Ministry of Health and Family Welfare, however, said later that they were getting the matter examined.

"However, prima facie it appears that the alleged leak is not related to Co-WIN as we neither collect any information on address or the COVID-19 status of beneficiaries," the ministry said.


No Data Has Leaked From CoWIN Portal: Govt of India

Late on Friday evening, the Government of India issued a statement, denying that any data had been leaked from the CoWIN portal.

"There have been several media reports claiming that the data stored in Co-WIN portal has been leaked online. It is clarified that no data has leaked from Co-WIN portal and the entire data of residents is safe and secure on this digital platform," the statement said.

"It is also clarified that while Union Ministry of Health & Family Welfare will enquire into the substance of the news, prima facie the assertion is not correct, as Co-WIN collects neither the address of the person nor the RT-PCR test results for COVID-19 vaccination," the statement further said.

(With inputs from PTI.)

(At The Quint, we are answerable only to our audience. Play an active role in shaping our journalism by becoming a member. Because the truth is worth it.)

Read Latest News and Breaking News at The Quint, browse for more from news and india

Topics:  Tech   Data Breach   covid-19 2022 

Speaking truth to power requires allies like you.
Become a Member
3 months
12 months
12 months
Check Member Benefits
Read More