COVID data including phone number and address of thousands of Indians ‘leaked’ online

New Delhi: Cybercriminals have allegedly stolen the data of thousands of people in India, including health workers, from a government server (which has even been indexed in Google search), which includes name, mobile number, address and Covid test results.

Data from over 20,000 Indians is available on the Raid Forums site on the Dark Web, and the hacker claims it comes directly from a government CDN (content delivery network) server.

The same documents are also freely available on Google Search as “Covid Vaccine Registered Recipient List” with keywords such as RT-PCR results.

“PII, including name, MOB, PAN, address, etc. of #Covid19 #RTPCR results and #Cowin data made public via a government CDN. #Google has indexed nearly 9 public/private Lac # GovtDocuments in search engines. Patient data now listed on #DarkWeb. Need quick de-indexing,” cybersecurity researcher Rajshekhar Rajaharia Rajaharia said in a tweet.

The most pressing concern is that the data of thousands of health workers (available in PDF files) has been exposed online in Google search which contains PAN numbers, Aadhaar and other personal details like mobile numbers , address, age, sex, etc.

The IT Ministry or Computer Emergency Response Team India (CERT-IN) have yet to respond to the alleged leak.

“I’m not reporting any #Vulnerabilities here. I’m asking people to be #beware of fraudulent #calls/#offers/#processing etc related to pre/post #Covid19. Data is already for sale on a #DarkWeb forum” , Rajaharia said in another tweet.

Last year, the Ministry of Health and security researchers denied breaching the Covid-19 vaccination data of 150 million Indians, after news of the hack spread online.

The data leak allegedly occurred on the CoWin portal, which is used for vaccination.


Comments are closed.