A man from Bihar has been arrested for allegedly leaking personal data of those who registered on the CoWIN portal to get their coronavirus vaccines, the Delhi Police said on Thursday.
The man is accused of creating a bot on a Telegram group that was providing details like names, date of birth, phone, passport and Aadhaar numbers of individuals who registered for vaccination on the government-funded portal, reported The Indian Express. CoWIN holds the data of more than 110 crore persons.
The bot, which was taken down on June 12, could fetch the personal details of an individual if their phone or Aadhaar number was entered.
The Delhi Police Special Cell’s Intelligence Fusion and Strategic Operations is questioning the arrested man’s mother, who is a healthcare worker in Bihar, reported The Indian Express. The police suspect that he took his mother’s help to breach the system.
“We know he was not selling the data to anyone in particular,” an unidentified police official told the newspaper. “He tried hacking the system and was successful. When he realised he could put all the data online, he did. We don’t think he had any other ulterior motives.”
The alleged breach was first reported by The Fourth, a Malayalam news portal, after it accessed details of Kerala Health Minister Veena George, CoWIN panel chairperson Ram Sewak Sharma, Congress General Secretary KC Venugopal and Union Minister Meenakhi Lekhi.
The News Minute was able to get access to details of Lok Sabha MP Kanimozhi Karunanidhi, Telangana minister Kalvakuntla Taraka Rama Rao, Former Union minister Harsh Vardhan, Bharatiya Janata Party Tamil Nadu chief K Annamalai and Congress MP Karti Chidambaram through the bot on the Telegram group. All of them except Vardhan confirmed the veracity of the details the news website got from the bot.
On June 12, Union minister Rajeev Chandrasekhar had said that the data was most likely accessed from previously breached databases.
The Union Minister of State for Electronics and Information Technology had said that the CoWIN portal was not “directly breached”. However, the Union health ministry asked the Indian Computer Emergency Response Team, the nodal cyber security agency, to investigate the issue and submit a report.