How a Scanning System Turned Into a Controversy
Before we get into the NTA controversy, it’s important to understand the CBSE OSM row that made headlines across the country. OSM, or On-Screen Marking, is a system where answer sheets are scanned and evaluated digitally instead of being checked on paper. The goal was to make the evaluation process faster, more efficient, and easier to manage. However, the system soon became the center of a major controversy.
The issue started when students requested copies of their answer sheets and found several problems. Many reported blurry scans that were difficult to read, while others claimed pages were missing. Some students even alleged that the documents they received did not appear to be their own answer sheets. As complaints spread online, questions were raised about the reliability and transparency of the entire process.
The Allegations That Changed Everything
The controversy intensified when a 17-year-old student, Sarthak Sidhant, reviewed public tender documents related to the project. He alleged that important requirements had been altered, including lowering scan quality standards from 300 DPI to 200 DPI and removing certain vendor eligibility clauses. Critics argued that these changes may have favored vendor Coempt EduTeck, although CBSE denied any wrongdoing.
The fallout was significant. The controversy drew public criticism, prompted calls for an investigation, and eventually led to the removal of CBSE’s chairman and secretary. As the debate continued and audits were initiated, another major issue emerged. This time, the spotlight shifted from answer sheet evaluation to cybersecurity, with the NTA facing serious questions about the security of its re-examination portal.
Part 1: The CBSE OSM Row (What Was That Even About?)
OSM stands for On-Screen Marking. CBSE thought, “Hey, let’s scan answer sheets and make teachers check them on laptops.”
Students asked for their scanned copies. What they got was shocking:
Problems Found in Scanned Answer Sheets
| Problem | What Students Found |
| Blurry images | Couldn’t read a single word |
| Missing pages | Half the answer sheet is gone |
| Wrong sheets | Some got another student’s paper |
Now here’s where it gets wild. A 17-year-old named Sarthak Sidhant didn’t just complain. He went and downloaded the original tender documents. These are public files showing how CBSE chose the vendor. And he found some strange changes.
Changes Found in Tender Documents
| Original Tender Clause | Final Version | What Changed |
| The vendor can’t have a poor performance history | Clause removed entirely | Let’s have questionable vendors apply |
| “Blacklisted earlier” | “Blacklisted currently” | Old blacklisting doesn’t matter |
| 300 DPI scanner required | 200 DPI allowed | Cheaper, lower-quality scanning |
The vendor who benefited? Coempt EduTeck. Students alleged the tender was rewritten specifically for them. CBSE said no. But the damage was done. The chairman and secretary lost their jobs. And CBSE had to call IIT Kanpur and IIT Madras to fix their system.
Part 2: Then NTA Stepped Into the Spotlight
Just when we thought exam news would calm down, the NTA mess exploded.
A researcher named Rylen Anil (reports say he’s 16) posted on X that the NTA’s re-examination portal had a bad security flaw. He claimed you could bypass the superadmin login using “extremely weak credentials.” In normal language, the digital keys were under the doormat with a note saying “come on in.”
He shared screenshots. They showed what looked like full admin access. From there, someone could:
Actions Possible Through the Vulnerability
- Download appointment letters for exam center staff
- Export CSV files with personal data
- Manage who is assigned to which center
This is the NTA Re-Exam Portal Vulnerability people are talking about.
The researcher claimed this exposed data of:
People Potentially Affected
| Role | Number of People Affected |
| Observers | 7,900 |
| City Coordinators | 676 |
| Centre Superintendents & Centres | 5,400 |
The exposed info? Names, email addresses, phone numbers. Basic stuff, but enough to run scams. Separate claims also mentioned JEE Advanced systems possibly exposing 1.8 lakh student result records and 1.87 lakh admit card PDFs. That’s names, birth dates, and mobile numbers.
Is every claim verified? Not yet. But screenshots don’t lie, and the timing was terrible.
Once the posts went viral, users noticed the portal link showed a “404 Not Found” error. The researcher later confirmed he reported the issue to NTA and CERT-In, and the agency took the portal offline. Good move. But also… why was it ever online like that?
This whole thing is now called the NTA Cyber Security Controversy online. And honestly? The name fits.
Part 3: The Data Exposure Risk
Let me explain why NTA Student Data Exposure is scary. It’s not just about some hacker seeing names. It’s about what happens next.
Potential Risks of Exposed Data
| Type of Data Exposed | What a Scammer Can Do With It |
| Name + Phone Number | Call pretending to be NTA |
| Roll Number + DOB | Reset passwords on other portals |
| Admit Card PDF | Create fake identity documents |
| Email Address | Send phishing links about exams |
Imagine this call: “Hello, this is NTA support. Your re-exam has been rescheduled. Click this link to confirm your slot.” You click it because they already know your roll number and your mother’s name. That’s the danger. That’s why NTA Data Breach Claims matter even if no hacker actually stole anything yet. The vulnerability itself is the problem.
Part 4: What Both Messes Have in Common
You might think CBSE OSM and the NTA portal are different issues. One is about marking. One is about security. But dig a little, and the pattern is clear.
Comparing Both Controversies
| Issue | CBSE OSM | NTA Re-Exam Portal |
| Who found the problem? | 17-year-old student | 16-year-old researcher |
| What was the flaw? | Rigged tender, blurry scans | Weak admin credentials |
| Who was supposed to check? | CBSE internal team | NTA security team |
| Who got blamed? | Chairman & secretary removed | Portal taken down (no statement yet) |
| What’s the fix? | IIT audit | CERT-In notified |
See the pattern? In both cases, adults running these agencies failed. Teenagers found the problems. That’s not a flex for the kids. That’s an embarrassment for the system.
Also, notice: neither agency did an independent security audit before launching. CBSE trusted the vendor’s own report. NTA apparently left default passwords unchanged. This is basic stuff. Like locking your front door, basic.
Part 5: Where Things Stand Right Now
Current Status
- The NTA portal is offline. That’s confirmed.
- The researcher says NTA responded quickly after his report.
- NTA has not made a public statement explaining what happened.
- CBSE is still doing its IIT-led audit.
- No official confirmation yet on whether student data was actually stolen or just exposed.
Students are anxious. Parents are angry. And honestly? Fair enough.
You can’t have millions of students depending on these portals and then treat security like an afterthought. The NTA Portal Security Flaw wasn’t some sophisticated hack. It was a basic mistake. The kind you learn not to make in your first semester of computer science.
What I Think About All This
Here’s what nobody wants to say out loud: we are digitizing exams faster than we are learning to secure them. Every new portal is a new door. And right now, we’re putting glass doors with cheap locks.
The teenagers who found these issues should be thanked. Seriously. They did what the system failed to do: look closely and speak up. But we can’t keep relying on kids to save us. The NTA and CBSE need mandatory, independent security audits. Not after something goes wrong. Before the portal even goes live. Every time.
Until then, every student who checks a result or downloads an admit card will be holding their breath. And after the last few weeks? I don’t blame them one bit.
Also Read: JEE College Predictor 2026: Check IIT, NIT & IIIT Chances
Frequently Asked Questions (FAQs)
What was the CBSE OSM controversy?
The CBSE OSM (On-Screen Marking) row started when students saw their scanned answer sheets were blurry, had missing pages, or belonged to other students. A 17-year-old student named Sarthak Sidhant analyzed public tender documents and alleged the process was manipulated. He claimed scanner requirements were lowered from 300 DPI to 200 DPI and clauses about past poor performance were removed. CBSE denied wrongdoing but removed its chairman and secretary.
What is the NTA Re-Examination Portal Data Exposure claim?
A cybersecurity researcher claimed the NTA’s re-examination portal had a flaw allowing “superadmin login bypass” using very weak credentials. If true, this would give anyone full admin access, potentially exposing names, emails, and phone numbers of thousands of exam officials. The researcher reported it to NTA and CERT-In, and the portal was taken offline.
How serious is the NTA Portal Security Flaw?
The NTA Portal Security Flaw is potentially very serious. It allegedly gave access to admin functions like downloading databases and managing staff assignments. The flaw was basic: weak credentials, not a complex hack. While no widespread misuse has been confirmed, the risk of NTA Student Data Exposure was real. The portal is now offline, but the fact that such a flaw existed raises serious questions.
What is the NTA Cyber Security Controversy about?
The NTA Cyber Security Controversy refers to the backlash after claims that the NTA’s re-examination portal had a major security hole. Coming right after the CBSE OSM mess, it made people question how exam bodies handle sensitive data. Critics say the NTA rushed to digitize without proper security checks. The agency has not made a detailed public statement yet, but the portal remains down.
How are the CBSE OSM row and NTA data breach claims connected?
Both incidents show the same problems: weak oversight, rushed digital implementation, and no independent security testing. The CBSE OSM Controversy exposed flaws in procurement and marking. The NTA Data Breach Claims expose flaws in data security. In both cases, young researchers, not internal teams, found the problems first. That’s not a compliment to the researchers. It’s a failure of the system. Both agencies need mandatory, independent audits before launching any future portals.
0 Comments