New Delhi : A major development has emerged concerning the digital security of India’s education system, as the Central Board of Secondary Education (CBSE) has officially invited a 19-year-old ethical hacker to help address serious vulnerabilities in its IT infrastructure. The decision comes after the same researcher had earlier flagged “critical security flaws” in the board’s student data portal, claims that were initially denied by CBSE but later prompted a detailed internal and expert review.
Hacker’s Findings Prompt Review
According to sources, ethical hacker Nisarga Adhikari identified multiple security weaknesses last month in the CBSE portal that stores sensitive data of millions of students. His findings reportedly pointed to gaps in access control mechanisms and weaknesses in security protocols governing data handling. While CBSE had initially dismissed any possibility of a data breach or system compromise, the matter was later re-examined following inputs from technical experts.
Registration Begins for FutureCrime Summit 2026, India’s Largest Cybercrime Conference
The review process has now been expanded to include specialists from the Indian Institutes of Technology (IIT) system. A member of the expert team said the hacker was invited to Delhi for direct discussions so that his methodology and findings could be better understood, and the vulnerabilities could be systematically addressed. Experts acknowledged that the young researcher’s work highlighted meaningful gaps that could help strengthen the overall system.
CBSE Holds Technical Discussions
Officials involved in the process said multiple rounds of technical discussions were held with the ethical hacker after his arrival in Delhi. These meetings focused on understanding how the vulnerabilities were discovered, how data flows within the system, and what corrective measures could be implemented to prevent similar risks in the future. According to experts, the engagement reflects a growing openness in cybersecurity practices, where external researchers are increasingly being treated as valuable contributors rather than outsiders.
The incident has also raised broader concerns about the security of digital infrastructure in educational institutions across the country. Cybersecurity specialists note that student data is highly sensitive and any compromise could have far-reaching consequences, including identity misuse and data leaks. The case has reignited discussions on whether government and semi-government organisations are doing enough to continuously audit and upgrade their cybersecurity frameworks.
Student Data Security Under Focus
Sources further indicate that this is one of the rare instances where CBSE has formally engaged an external ethical hacker to directly assist in system improvement. Earlier, the board had not publicly acknowledged such claims of vulnerabilities in its systems. However, rising concerns flagged by experts and the potential severity of the reported issues have now led to corrective steps being taken.
Experts argue that with the rapid expansion of digital education platforms, the risk of cyberattacks and data breaches has increased significantly. They emphasise that traditional security measures alone are no longer sufficient. Continuous monitoring, penetration testing, and independent security audits are now considered essential to safeguard large-scale public data systems.
IIT Experts Join System Overhaul
A joint team comprising CBSE officials and IIT experts is currently working on strengthening the system’s architecture. Key focus areas include improving data encryption standards, tightening access control systems, and enhancing log monitoring mechanisms to detect suspicious activity in real time. The objective is to ensure that student data remains secure and resilient against evolving cyber threats.
Officials are hopeful that the ongoing security overhaul will result in a significantly stronger and more resilient IT ecosystem in the coming months, reducing vulnerabilities and reinforcing trust in the digital systems used for managing student records nationwide.
