A sample document shared on the Raid forum shows that the leaked data was meant to be uploaded on the CoWin portal. However, the government has clarified that no data has been leaked.
Personal data of thousands of people in India is reported to have been leaked from a government server. It is said that this includes their name, mobile number, address and Covid test result. It is being told that these information can be accessed through online search. The leaked data has been put up for sale on the website of Red Forum, where a cybercriminal is claiming to have personal data of over 20,000 people. The name, age, gender, mobile number, address, date and Covid-19 report of the people have been shown in the data put on the Red Forum.
Made public via CDN
Cyber security researcher Rajasekhar Rajhariya also tweeted that personally identifiable information (PIIs) including names and COVID-19 results have been made public through a CDN. He said that Google has indexed millions of data from the affected systems. The PII includes the name, MOB, PAN, address etc of COVID-19, RTPCR result and covin data and all these are being made public through a government CDN. Google has put about 9 lakh public/private government documents in the search engine.
The data was to be uploaded on the covin portal
An email query sent to the Ministry of Electronics and IT in this regard did not elicit any response. A sample document shared on the Raid forum shows that the leaked data was meant to be uploaded on the CoWin portal. The government has relied heavily on digital technologies in terms of creating awareness about the COVID-19 pandemic and its vaccination programme. Many government departments compel people to use the Aarogya Setu app for COVID-19 related services and information.
The government denied the news of the leak
On this matter, the government said that many media reports have claimed that the data stored in the CoWin portal has been leaked online. It is clarified that no data has been leaked from the Covin Portal and the entire data of the people is safe on this digital platform. The Union Ministry of Health and Family Welfare will investigate this news. Prima facie this claim is not correct as Covin neither collects the address of an individual nor does the RT-PCR test result.
At the same time, the Ministry of Health and Family Welfare said that in connection with the data leak from CoWin, we are getting the matter investigated. However, prima facie it seems that the alleged data leak is not related to CoWin as we neither collect any information about the COVID-19 status of the beneficiaries nor the address.