CBSE crisis deepens: Student data exposed, say cyber activists

NEW DELHI: Fresh allegations of massive cybersecurity lapses, data exposure and administrative failures have deepened the controversy surrounding CBSE’s On Screen Marking (OSM) system, with activists now approaching National Human Rights Commission for urgent intervention to protect students’ educational rights, amid continuing disruptions in the board’s post-exam processes.The latest row erupted after independent developers and ethical hackers publicly claimed that sensitive student data, scanned answer sh-eets and question papers linked to CBSE’s digital evaluation infrastructure were exp-osed online because of serious security vulnerabilities.Android developer Sidharth posted on X: “Almost every single OnMark portal built by EduTek is fundamentally insecure, and CBSE is lying to you about the safety of student data. We found default passwords, URL-based RCEs, and raw MD5 hashes. Millions of students are at risk.”Separately, 19-year-old software engineer Nisarga Adhikary alleged on X that CBSE-linked storage systems had been left openly accessible online. “CBSE people didn’t configure their AWS bucket (a public cloud storage container) properly and now we can paginate & enumerate all their media which has 2026 answer sheets & question papers,” he said, claiming “anyone on the internet can download any scanned booklet”.Vulnerabilities contained, claims CBSEEarlier, Nisarga Adhikary had claimed that he had breached parts of CBSE’s digital evaluation infrastructure and flagged alleged security vulnerabilities linked to the OnMark portal. However, CBSE Sunday said vulnerabilities detected in the portal operated by its service provider had been “contained” and that cybersecurity specialists from multiple govt agencies and IITs had been deployed to strengthen systems.The board said it had been actively monitoring vulnerabilities being highlighted in public forums and thanked “ethical hackers” for flagging weaknesses. However, CBSE did not respond to specific queries regarding the alleged AWS exposure claims.Advocate and activist Anubha Shrivastava Sahai has written to NHRC urging it to take suo motu cognisance of the issue and warning that ongoing OSM failures could jeopardise admissions, scholarships and educational opportunities for thousands of students.She also asked NHRC to seek reports from CBSE and the education ministry, direct creation of alternative grievance mechanisms, ensure deadline relaxations for affected students, and prevent any candidate from losing opportunities because of technological failures.