Days after a massive data leak involving private information of citizens who took the COVID-19 vaccine through the CoWIN portal came to light, a special cell of the Delhi Police arrested a man from Bihar and also apprehended his minor brother in connection with the breach. The arrest was made by the Intelligence Fusion & Strategic Operations (IFSO) unit of the Delhi Police. According to preliminary information shared by police sources, the man who has been arrested allegedly took the help of his mother, who is a health worker, to gather data from the CoWIN portal and allegedly leaked the sensitive data online on Telegram.
Indian Express has reported that according to police sources, the accused was arrested using technical surveillance. The police suspect that the accused took his mother’s help to breach the CoWIN app and later created a Telegram bot to share the citizens’ data.
On June 12, TNM reported how the private information of lakhs of citizens who registered on the CoWIN app to get their COVID-19 vaccine was leaked online. A Telegram bot had shared details of individuals including their names, date of birth, phone number and other details of documentation provided at the time of registration. TNM entered the mobile numbers of various politicians including Telangana Minister KT Rama Rao, DMK MP Kanimozhi Karunanidhi, BJP Tamil Nadu president K Annamalai and many others, who confirmed that the passport numbers returned by the bot were indeed theirs. The story was first broken by Reshma Asokan, a reporter with The Fourth News, a Malayalam news portal.
When TNM reached out to RS Sharma, the Chief Executive officer of the National Health Authority on the data leak, he vehemently denied the possibility of a breach. He told TNM that It is not possible for anyone to access others’ details. Union Minister of State for Electronics & Technology Rajeev Chandrasekhar too claimed that there was no direct breach of the CoWIN app or database, and that the details shared by the bot could be from data that was previously leaked online. However, the explanation did not satisfactorily address people’s concerns and only raised more questions about the data leak.