VOOZH about

URL: https://www.geeksforgeeks.org/upsc/cowin-data-breach/

⇱ CoWIN Data Breach - GeeksforGeeks

  • Courses
  • Tutorials
  • Interview Prep

CoWIN Data Breach

Last Updated : 21 Aug, 2025

The CoWIN Data Breach is one of the largest data breaches that happened in India. It had data on vaccinated Indians. The CoWIN data breach reportedly happened in June 2023. It raised questions about the security of personal data. Reportedly, it is said that a telegram bot has leaked the data of the CoWIN portal.

According to the government, the data which was breached was old and no telegram bot can take out the data without OTP. The government’s response was ambiguous and it raised questions about data security and protection.

In this article, we will read about the CoWIN Data Breach that happened in June 2023, along with how it leaked, the Government's response to it, and others in detail.

Also Read: Data Breach


What is CoWIN Portal?

CoWIN is a digital platform which is developed by the Union Ministry of Health and Family Welfare. CoWIN stands for COVID Vaccine Intelligence Network. It is integrated with the Aarogya Setu app. It was developed in 2021.

  • eVIN: It is a vaccine intelligence system. eVIN is responsible for providing real-time feedback on the stock of vaccines, temperature fluctuations power outages, etc
  • Booking slots: It helps in booking slots for COVID-19 vaccinations in nearby areas.
  • Vaccination: It helps in planning, implementation, monitoring, and evaluating COVID-19 vaccination in India.

CoWIN Data Breach Due to Telegram Bot

Telegram bot is an automated response bot that is used for various purposes such as sharing news, quizzes, etc. According to reports when the mobile number was entered into the telegram bot, it was giving personal data of CoWIN users. The name of the user, the place they got vaccinated, and the government ID which was used for verification were released by the government for example Aadhar, passports, etc.

Government Response to the CoWIN Data Breach

According to the government, CoWIN records only the year of birth and not the date of birth.

  • CoWIN doesn't store the address of a user
  • OTP is needed to access the data and thus telegram bot cannot do it without the OTP
  • The source is not CoWIN directly but some previously breached data was released
  • CERT-In has been asked by the Ministry of Health to investigate and give a report about it
  • According to experts, CoWIN has security flaws and the government has ignored it
  • CoWIN is vulnerable to hackers because it doesn't use end-to-end encryption or HTTPS protocol for the transmission of data

What is Data Protection?

Protecting data from being compromised and being used illegally. The sensitive data is protected from loss, corruption or damage. The data which is being stored these days has increased drastically and thus, data protection is also needed.

Difference between Personal Data & Non-Personal Data

The difference between personal data and non-personal data is as follows

Personal Data

Non-Personal Data

The data which can be used to identify any individual.

The data which cannot be used to identify any individual.

Different information which can be compiled and used to identify/locate any individual.

No individual can be identified/located by using this data.

People Also Read:

Conclusion - CoWIN Data Breach

The CoWIN data breach raised many questions about data security. It is not certain that the database was compromised. The status of the CERT-In report is still uncertain. There is a need for better data protection measures. There should also be increased transparency about such breach incidents. The incident and well government response are both worrisome.

Comment