A man from Bihar was arrested and a juvenile was apprehended in connection with their involvement in the alleged data leak from CoWIN portal, officials said on Thursday.
The man is alleged to have used a Telegram app to leak the data, they said.
There have been claims about a breach of data of citizens registered on the CoWIN platform, and opposition parties have asked the government to take deterrent action.
Also read | Data leak: Govt must stop living in denial
The government has termed such reports "mischievous" and "without any basis" while asserting that the CoWIN portal is completely safe with adequate safeguards for data privacy.
The matter was sent for a review by the country's nodal cyber security agency CERT-In, which said in its initial report, that the backend database for the Telegram bot, which is at the centre of the alleged leak, was not directly accessing the APIs of the CoWIN database.
In a statement, the Union Health Ministry also said that an internal exercise has been initiated to review the existing security measures.
CoWIN portal is a repository of all data of all those who have been vaccinated against Covid-19 in the country.