The Central Board of Secondary Education (CBSE) has acknowledged security vulnerabilities in its digital examination infrastructure after a cybersecurity researcher alleged that scanned Class 12 answer sheets and question papers could be accessed online without proper safeguards.
The controversy emerged after 19-year-old ethical hacker Nisarga Adhikary claimed to have discovered an improperly configured cloud storage system linked to the board's OnMark Services (OSM) portal. His allegations, shared on social media along with screenshots and technical details, quickly sparked concerns about the safety of students' academic records and the security practices followed by institutions handling sensitive examination data.
Nisarga's claims trigger concerns
According to NDTV, Adhikary alleged that a cloud storage bucket hosted on Amazon Web Services had been configured without adequate authentication controls, making examination-related documents accessible to unauthorised users.
According to his claims, scanned answer booklets and question papers stored on the platform could potentially be downloaded by anyone with access to the relevant links. He further alleged that the same storage infrastructure was being used by multiple educational institutions, raising broader concerns about data protection standards.
The claims gained traction online, prompting questions from students, parents and cybersecurity experts about whether confidential examination records had been adequately protected.
Also Read | India's BrahMos push in ASEAN gains pace as Vietnam signs, Indonesia nears deal
CBSE says vulnerabilities have been contained
According to NDTV, responding to the allegations, CBSE said the vulnerabilities identified in the OnMark portal were linked to a service provider and have since been addressed. The board stated that immediate corrective measures were initiated after the issue was brought to its attention.
Officials maintained that the identified weaknesses have been contained and that steps are being taken to strengthen security controls across the platform. CBSE also indicated that the matter was reviewed in coordination with the concerned service provider to prevent similar incidents in the future.
The board's response comes amid growing scrutiny of how educational institutions manage digital records as examination systems increasingly move online.
Also Read | NTA announces CUET retest for over 3,700 candidates after technical glitch hits centres
Focus shifts to data security in education
According to NDTV, the episode has once again highlighted the importance of robust cybersecurity measures in the education sector, where large volumes of personal and academic information are stored electronically.
Experts have repeatedly warned that misconfigured cloud storage systems remain one of the most common causes of accidental data exposure worldwide. Even when no malicious breach occurs, publicly accessible databases can potentially expose sensitive information if security settings are not properly implemented.
