Global Courant
DELHI – The Government of India is investigating reports that a portal belonging to the Ministry of Health was breached containing personal details of everyone in the country who received a Covid-19 vaccination.
On Twitter, users have posted screenshots of a bot that uses Telegram, an encrypted messaging app, to retrieve individual data from mobile phone numbers entered into the portal.
Among the personal details disclosed were a person’s social security number, passport number and date of birth. The leak could potentially affect more than a billion Indian citizens who have received at least one dose of vaccine.
Mr. Rajeev Chandrasekhar, India’s Minister of State for Electronics and Information Technology, said on Twitter that while the bot was “vomiting” details from the CoWIN vaccination portal, it does not appear to be a direct breach.
India’s health ministry said in a statement on Monday that the reports were “unfounded and mischievous in nature”, adding that the portal was “completely secure with adequate data privacy safeguards”.
Telegram said they disabled the bot.
“Telegram moderators routinely delete any private data shared without permission, and this has been done in the case of this bot,” the spokesperson said Monday. BLOOMBERG