CBSE has acknowledged vulnerabilities in a digital evaluation portal after ethical hacker Nisarga Adhikary flagged alleged flaws in the OnMark system. The board has deployed cybersecurity experts from government institutions and IITs for audit and corrective action.

CBSE Admits Portal Vulnerabilities After Ethical Hacker Flags Flaws

The420 Correspondent

New Delhi | The digital evaluation system of the Central Board of Secondary Education (CBSE) has come under intense scrutiny after a 19-year-old ethical hacker alleged security weaknesses in the board’s on-screen marking infrastructure. Following the public disclosure of the claims, CBSE acknowledged that vulnerabilities had been identified in a portal operated by its service provider and said corrective measures were already underway to strengthen the platform.

The controversy began when ethical hacker Nisarga Adhikary claimed on social media and his blog that the OnMark portal, used in CBSE’s On-Screen Marking (OSM) ecosystem, contained multiple security flaws. According to him, the vulnerabilities could potentially allow unauthorized access to certain evaluation-related resources. He further alleged that a misconfigured cloud storage bucket exposed scanned answer sheets and question papers, making sensitive educational content accessible online.

The allegations quickly gained attention across social media and educational circles, prompting concerns about the security of student records and examination data. In response, CBSE issued a statement on Sunday saying it had been closely monitoring the vulnerabilities that had recently been highlighted in the public domain.

The board stated that immediate corrective action had been initiated after the weaknesses were identified and that efforts were underway to migrate the system to a more secure infrastructure. CBSE emphasized that safeguarding examination-related data remains a top priority and that all reported issues were being reviewed thoroughly.

According to the board, a team of cybersecurity professionals drawn from various government institutions and Indian Institutes of Technology (IITs) has been deployed to conduct a comprehensive security assessment. The experts are examining the platform for vulnerabilities, evaluating potential risks, and implementing additional safeguards to strengthen overall system resilience.

In a notable move, CBSE also expressed appreciation for ethical hackers and citizens who responsibly reported security concerns. The board said that individuals who identify and disclose vulnerabilities play an important role in strengthening digital security and confirmed that it had reached out directly to some of those who brought the issues to its attention.

At the same time, CBSE reiterated that the URL highlighted in social media discussions was not part of the live evaluation environment used for actual answer-sheet assessment. According to the board, it was a testing environment containing sample data rather than the production system used during real examinations. Nevertheless, CBSE acknowledged the seriousness of the concerns and said a detailed technical review had been launched.

The incident has reignited a broader debate about data security and the reliability of digital evaluation systems in India’s education sector. Every year, millions of students appear for CBSE examinations, with answer sheets, marks, and personal information increasingly processed through digital platforms. As a result, any potential security lapse is being viewed not merely as a technical issue but as a matter involving privacy, trust, and institutional accountability.

The controversy has also attracted political attention, with opposition leaders raising concerns over student privacy and the protection of educational records. Meanwhile, education experts, cybersecurity professionals, and parents have called for independent security audits to ensure that student data remains adequately protected.

Cybersecurity specialists argue that large digital platforms handling sensitive information should undergo regular penetration testing and third-party audits and maintain responsible disclosure programs. A researcher at Algoritha Security noted that strong technological infrastructure must be complemented by continuous monitoring and proactive risk management. According to the researcher, the timely identification and remediation of vulnerabilities is an essential indicator of a mature cybersecurity framework.

For now, CBSE has assured stakeholders that all security-related concerns are being examined and that necessary measures are being implemented to enhance the safety of its evaluation ecosystem. Students, parents, educators, and policymakers across the country are now awaiting the findings of the ongoing review and the long-term reforms that may emerge from it.
