According to a few media reports, breach of data from the Co-WIN portal has been raising concerns. The data leak apparently includes personal information of Indian citizens including PAN number and Aadhaar number. 

Certain posts on the social media platform Twitter have claimed using a Telegram (online messenger application) bot, the personal data of individuals who have been vaccinated is being accessed. It is reported that the BOT has been able to pull individual data by simply passing the mobile number or Aadhaar number of a beneficiary.

Responding to these reports, Union Health Ministry has clarified that all such reports are without any basis and mischievous in nature.  Co-WIN portal of Health Ministry is completely safe with adequate safeguards for data privacy.

Union Health Ministry has requested the Indian Computer Emergency Response Team (CERT-In) to look into this issue and submit a report. In addition, an internal exercise has been initiated to review the existing security measures of CoWIN.

CERT-In in its initial report has pointed out that backend database for Telegram bot was not directly accessing the APIs of CoWIN database.