Union minister Rajeev Chandrashekhar on Tuesday reiterated that the personal details of Indian citizens provided by an automated account on the messaging application Telegram were prima facie not leaked from CoWIN app even as the data included the location of their last Covid vaccination. CoWIN is the repository of all data of beneficiaries who have been vaccinated against Covid-19.

Chandrashekhar, the minister of state for Electronics and IT, said that the country's nodal cyber security agency CERT-In reviewed the matter and reported that the alleged leaked details were “either fake or had been collected from some other source by some third party threat actor.” He alleged that there are many “forces and interests” in the world that want to undermine the government portal used for vaccination registration.
“I believe that yesterday's alleged breach of CoWIN was one more instance of people trying to target the CoWIN app,” Chandrashekhar said.
“Agency that is tasked with dealing with cybersecurity breaches is investigating the matter. Yesterday prima facie they already reported that the data reported by Telegram bot was not from CoWIN app. Data was either fake or had been collected from some other source by some third party threat actor,” he added.
CoWIN ‘data breach’ highlights urgent need for data privacy law: Experts
Opposition parties on Monday demanded an inquiry into the data breach claims and asked the government to take deterrent action. Congress leaders alleged it was a case of "criminal negligence" and asked why the government was sitting on a data protection law.
{{/usCountry}}Opposition parties on Monday demanded an inquiry into the data breach claims and asked the government to take deterrent action. Congress leaders alleged it was a case of "criminal negligence" and asked why the government was sitting on a data protection law.
{{/usCountry}}"In its Digital India frenzy, GoI has woefully ignored citizen privacy. Personal data of every single Indian who got the COVID-19 vaccination is publicly available. Including my own data. Who let this happen? Why is GoI sitting on a data protection law?" Congress MP Karti Chidambaram said.
CoWIN ‘data leak’: How a bot reignited privacy fears
The health ministry said in a statement that there was no basis for the reports alleging the breach of data from the CoWIN portal.
"Only OTP authentication-based access of data is provided. All steps have been taken and are being taken to ensure the security of the data in the CoWIN portal," the ministry said.
"CERT-In in its initial report has pointed out that the backend database for the Telegram bot was not directly accessing the APIs of the CoWIN database," the statement said.
It said certain Twitter users have claimed the personal data of individuals who have been vaccinated is being accessed using a Telegram (online messenger application) Bot.