No data has leaked from Co-WIN portal: Health Ministry refutes reports

As per reports, the leaked data has been put on sale on Raid Forums website where a cyber criminal claims to have personal data of over 20,000 people.

Published: 21st January 2022 09:49 PM  |   Last Updated: 21st January 2022 09:49 PM   |  A+A-


The ICMR was designated as the nodal agency for the collection of vaccination data for such participants by the ministry. (Google Play Store Screengrab)


NEW DELHI: The Union health ministry Friday asserted that no data has leaked from the Co-WIN portal and the entire information of people is safe and secure as this digital platform does not collect either the address of a person nor the RT-PCR test results for Covid vaccination.

"There have been several media reports claiming that the data stored in Co-WIN portal has been leaked online."

"It is clarified that no data has leaked from Co-WIN portal and the entire data of residents is safe and secure on this digital platform," the ministry said in a statement.

"It is also clarified that while Union Ministry of Health and Family Welfare will enquire into the substance of the news, prima facie the assertion is not correct, as Co-WIN collects neither the address of the person nor the RT-PCR test results for COVID-19 vaccination," the statement said.

Personal data of thousands of people in India has been leaked from a government server which includes their name, mobile number, address and Covid test result, and these information can be accessed through online search.

The leaked data has been put on sale on Raid Forums website where a cyber criminal claims to have personal data of over 20,000 people.

The data put on Raid Forums shows name, age, gender, mobile number, address, date and result of Covid-19 report of these people.

Cyber Security researcher Rajshekhar Rajaharia also tweeted that personally identifiable information (PII) including name and Covid-19 results are made public through a content delivery network (CDN).

He said that Google has indexed lakhs of data from the affected system.

"PII including Name, MOB, PAN, Address etc of #Covid19 #RTPCR results & #Cowin data getting public through a Govt CDN. #Google indexed almost 9 Lac public/private #GovtDocuments in search engines. Patient's data is now listed on #DarkWeb. Need fast deindex," Rajaharia said in his tweet.

An email query sent to the Ministry of Electronics and IT did not elicit any reply.

The sample document shared on Raid Forums shows that the leaked data was meant for upload on Co-WIN portal.

The government has heavily relied on digital technologies in terms of controlling and creating awareness about the Covid-19 pandemic as also its vaccination programme.

Several government departments mandate people to use Aarogya Setu app for Covid-19 related services and information.

Rajaharia in a follow-up tweet on January 20 said that he is not reporting any vulnerability in this incidence but cautioning people to remain alert from fraud calls, offers related to Covid-19, etc that they may get as their data is being sold in the dark web.

Data sold in the dark web is often exploited by cyber criminals and fraudsters for various kind of frauds.


Disclaimer : We respect your thoughts and views! But we need to be judicious while moderating your comments. All the comments will be moderated by the editorial. Abstain from posting comments that are obscene, defamatory or inflammatory, and do not indulge in personal attacks. Try to avoid outside hyperlinks inside the comment. Help us delete comments that do not follow these guidelines.

The views expressed in comments published on are those of the comment writers alone. They do not represent the views or opinions of or its staff, nor do they represent the views or opinions of The New Indian Express Group, or any entity of, or affiliated with, The New Indian Express Group. reserves the right to take any or all comments down at any time.

flipboard facebook twitter whatsapp