App sale

Covid-19 related data of thousands of Indians leaked online: report

The personal details of thousands of people in India have been leaked from a government server which includes their name, mobile number, address and Covid test result, and this information can be accessed via an online search.

The leaked data was put up for sale on the Raid Forums website where a cybercriminal claims to have the personal data of over 20,000 people.

The data put on Raid Forums shows the name, age, gender, mobile number, address, date and result of the Covid-19 report of these people.

Cybersecurity researcher Rajshekhar Rajaharia also tweeted that Personally Identifiable Information (PII), including name and Covid-19 results, are made public through a Content Delivery Network (CDN).

He said Google had indexed thousands of data from the affected system.

“PII, including name, MOB, PAN, address, etc. of #Covid19 #RTPCR results and #Cowin data made public via a government CDN. #Google has indexed nearly 9 Public/Private Documents Lac in search engines. Patient data is now listed on #DarkWeb. Need quick de-indexing,” Rajaharia said in his tweet.

An e-mail query sent to the Ministry of Electronics and Computers did not elicit a response.

The sample document shared on the Raid forums shows that the leaked data was meant to be uploaded to the Co-WIN portal.

The government has relied heavily on digital technologies to control and raise awareness of the Covid-19 pandemic as well as its vaccination programme. Several ministries are asking people to use the Aarogya Setu app for Covid-19 related services and information.

Rajaharia in a follow-up tweet on January 20 said he was not reporting any vulnerabilities in this incident, but warning people to remain vigilant for scam calls, Covid-19 related offers, etc. that they might receive as their data is sold in the dark web.

Data sold on the dark web is often exploited by cybercriminals and fraudsters for various types of fraud.

This story was published from a news feed with no text edits. Only the title has been changed.

To subscribe to Mint Bulletins

* Enter a valid email address

* Thank you for subscribing to our newsletter.

Never miss a story! Stay connected and informed with Mint. Download our app now!!