CBSE admits security breach: What led the board’s U-turn on OSM controversy, explained

CBSE has acknowledged vulnerabilities in the digital platform used for evaluating Class 10 and 12 answer sheets, marking a significant shift from its earlier stance that no security breaches had affected the system.

The development comes amid growing scrutiny over the board's new On-Screen Marking (OSM) system, following complaints from students, allegations by ethical hackers and questions over the tender process used to award the contract.

The row centres on CBSE's new On-Screen Marking (OSM) system, introduced this year to digitise the evaluation of board exam answer sheets.

Under the system, physical answer sheets are scanned and uploaded to an online portal, where teachers assess them digitally. CBSE said the move was aimed at improving efficiency, transparency and reducing human error.

However, after Class 12 results were announced, students began reporting discrepancies between their original answer sheets and the digital copies shared with them.

Some alleged that:

In a statement posted on X, CBSE said it had been closely monitoring vulnerabilities identified in the OnMark portal operated by its service provider.

The board said cybersecurity experts from government agencies and the Indian Institutes of Technology (IITs) had been deployed to strengthen the system.

According to CBSE, the identified vulnerabilities have been contained and additional security checks are being carried out to ensure no exploitable weaknesses remain.

The board also thanked ethical hackers and citizens who flagged potential security issues.

Earlier this week, CBSE maintained that no security breaches had affected the portal used for actual evaluation work.

The board had argued that a website highlighted by hackers was only a testing platform and did not contain live examination data.

Its latest statement, however, acknowledges that vulnerabilities existed within the ecosystem and required intervention from cybersecurity specialists, signalling a more cautious approach to the issue.

A 19-year-old ethical hacker, Nisarga Adhikary, claimed he gained access to evaluators' accounts and answer-sheet data through weaknesses in the system.

He alleged that vulnerabilities could potentially allow access to:

Adhikary said he reported multiple security concerns to India's Computer Emergency Response Team (CERT-In).

Separately, he later alleged that answer sheets and question papers stored in a cloud server were publicly accessible online.

The controversy gained national attention after a Class 12 student claimed the scanned copy of his physics answer sheet did not match the paper he had submitted.

The student said the digital version contained different handwriting and answers to questions he had not attempted.

His complaint went viral on social media, prompting dozens of students to report similar concerns.

The incident raised broader questions about the reliability of the OSM system and the accuracy of digital evaluations.

The OSM system has also come under political scrutiny.

Congress leader Rahul Gandhi questioned the transparency of the tender process used to select the vendor responsible for the digital evaluation platform.

He alleged that technical eligibility criteria were modified multiple times before Hyderabad-based Coempt Eduteck secured the contract.

According to the allegations, requirements relating to scanning standards, equipment and software certifications were relaxed during the bidding process.

Education Minister Dharmendra Pradhan acknowledged that discrepancies had emerged during the first large-scale use of the OSM system.

He said the government was committed to resolving genuine student grievances and ensuring that no concern remained unaddressed.

The minister also deployed technical experts from leading institutions to support CBSE's review and re-evaluation process.

CBSE says cybersecurity experts are continuing to audit and strengthen the platform while investigations into student complaints continue.

The board has invited ethical hackers and researchers who identify vulnerabilities to report them directly to its security team.

Meanwhile, hundreds of thousands of students have already requested scanned or physical copies of their answer sheets, ensuring that scrutiny of the digital evaluation system is likely to continue in the weeks ahead.