NEW DELHI, 21 Jan: Personal data of thousands of people in India have been leaked from a government server which includes their names, mobile numbers, addresses and Covid test results, and this information can be accessed through online search.
The leaked data have been put on sale on Raid Forums website, where a cyber criminal claims to have personal data of over 20,000 people.
The data put on Raid Forums shows names, ages, genders, mobile numbers, addresses, dates and results of Covid-19 reports of these people.
Cyber security researcher Rajshekhar Rajaharia also tweeted that personally identifiable information (PII), including names and Covid-19 results are made public through a content delivery network (CDN).
He said that Google has indexed lakhs of data from the affected system.
“PII including Name, MOB, PAN, Address etc of #Covid19 #RTPCR results & #Cowin data getting public through a Govt CDN. #Google indexed almost 9 Lac public/private #GovtDocuments in search engines. Patient’s data is now listed on #DarkWeb. Need fast deindex,” Rajaharia said in his tweet.
An email query sent to the electronics & IT ministry did not elicit any reply.
The sample document shared on Raid Forums shows that the leaked data were meant for uploading to the CoWIN portal.
The government has heavily relied on digital technologies in terms of controlling and creating awareness about the Covid-19 pandemic as also its vaccination programme. Several government departments mandate people to use the Aarogya Setu app for Covid-19 related services and information.
Rajaharia in a follow-up tweet on 20 January said that he is not reporting any vulnerability in this incidence but cautioning people to remain alert from fraud calls, offers related to Covid-19, etc, that they may get as their data is being sold in the dark web.
Data sold in the dark web are often exploited by cyber criminals and fraudsters for various kinds of frauds. (PTI)