October 1, 2023

Massive Data Breach Exposes Personal Information of Indian Citizens on CoWIN Portal


Alarming news emerged on Monday as a report revealed a significant data breach affecting Indian citizens who registered on the CoWIN portal, the government-run platform for COVID-19 vaccinations. The report claimed that personal information, including Aadhaar card and PAN card details, is available on the messaging platform Telegram. The breach has raised concerns about privacy and the security of sensitive data, potentially impacting millions of individuals who have received vaccinations through the CoWIN portal.

Details of the Data Breach:

According to the report, when a mobile number registered with the CoWIN portal is entered into a Telegram bot, it discloses the associated ID card number used for vaccination, along with the individual’s gender, birth year, name of the vaccination center, and details about their doses. This means that anyone with access to Telegram can potentially obtain personal information, including Aadhaar card, voter ID, and PAN card numbers of Indian citizens.

Implications and Potential Impact:

The alleged data breach could have severe consequences, affecting over 100 crore (1 billion) individuals who have registered and received vaccinations through the CoWIN portal. This includes more than 4 crore children between the ages of 12-14 and over 37 crore individuals aged 45 and above, a substantial number of whom are senior citizens. The exposure of such sensitive personal data raises concerns about identity theft, fraud, and potential misuse of the information.

Investigation and Response:

In response to these serious allegations, a technical team from the Health Ministry is conducting an investigation into the data breach of the CoWIN platform. They are thoroughly reviewing all application programming interfaces (API) associated with CoWIN to identify and address any vulnerabilities that may have been exploited. The Health Ministry is expected to issue a clarification regarding the breach, reassuring the public and outlining steps taken to address the issue. Additionally, the Telegram bot responsible for publishing this sensitive information has been disabled.

Protecting Citizen Data and Ensuring Security:

Data breaches pose a significant threat to individuals’ privacy and can lead to various forms of exploitation. It is crucial for government agencies and organizations to prioritize data security and implement robust measures to safeguard citizen information. In light of this breach, it is imperative that the CoWIN portal and other systems handling sensitive data undergo comprehensive security audits and adopt stringent protocols to prevent future breaches.


The reported data breach of personal information on the CoWIN portal raises serious concerns about data security and privacy for millions of Indian citizens. The availability of Aadhaar card, PAN card, and other sensitive details on Telegram poses a risk of identity theft and fraud. The investigation by the Health Ministry’s technical team and their subsequent actions to address the breach are crucial in restoring public trust. It is essential for authorities to strengthen data protection measures and ensure the security of citizen information to prevent such breaches from recurring in the future.