On 2 June 2026, hours after 17-year-old Sarthak Sidhant, a schoolboy from Ranchi, made a presentation to the parliamentary standing committee on education, the government transferred the chairman and secretary of the CBSE (Central Board of Secondary Education), both IAS officers. It also announced a departmental inquiry committee to look into the hurried introduction of a digital evaluation system that led to this fiasco.

Since the CBSE Class 12 results were announced on 13 May, lakhs of harried students have reported totalling errors, unmarked questions, mismatched answer sheets, blurred scans and missing supplementary sheets. Lakhs have applied for verification. In a tweet on 26 May, the CBSE acknowledged receiving 4.04 lakh ‘applications for scanned copies of answer books’. The same tweet claimed to have received ‘11.31 lakh requests for answer books’. The distinction was not clear to this reporter.

For students waiting for re-evaluation, this is no longer a technical glitch. The results are now suspect and at risk are college admissions that are often provisional pending proof that candidates have secured the necessary cut-off marks in their board exams.

Transferring a few worthies and demanding that the education minister resign does not solve the students’ problems nor secure their future. Even now, after its hurriedly introduced on-screen marking (OSM) web domain has been conclusively proven to be hackable, the CBSE’s response is to accept re-evaluation requests — for a fee! It has even managed to come up with a graded fee structure for this re-evaluation. And, believe it or not, will conduct the re-evaluation on the same compromised web domain. If the CBSE has alternative plans, there have been no public announcements to that effect.

****

Sarthak Sidhant and 19-year-old Nisarga Adhikary from Siliguri have thoroughly exposed the OSM platform used to evaluate the CBSE Class 12 board papers of 18 lakh students. Sarthak went a step further and exposed how the CBSE tweaked conditions to favour Hyderabad-based Coempt Eduteck over Tata Consultancy Services (TCS).

Quick aside: TCS with 600,000 employees, an annual revenue of $29 billion (Rs 2.40 lakh crore) and 57 years of experience lost out to a company with 51 employees and an average annual turnover of Rs 50 crore.

Sure, size doesn’t bestow credibility but ‘CBSE did not just pick a bad software vendor by accident. They lowered financial baselines. They dropped software security certifications. They cut the corrupt practices cooling-off period by half. They removed the physical server isolation requirement. They erased the word ‘blacklisting’ from their penalty matrix via a last-minute corrigendum, before bidding; and they bypassed their own mandatory CERT-In production audits,’ Sarthak points out in a blog post.

Why did TCS lose the contract? CBSE floated the tender thrice in 2025 — in February, May and August — each time diluting some of the conditions, lowering the bar and making it easier for Coempt Eduteck to bid. On paper, TCS with its vast network, expertise and collaborators abroad, did look qualified to roll out India’s first online evaluation platform. But it became clear that the CBSE was doing everything possible to keep it out. It even decided that the vendor needn’t have its own ‘data centre and disaster recovery centre’, that it would do if the vendor relied on a ‘MeitY-empanelled data and disaster recovery centre’.

There were other tweaks in the OSM tender that Sarthak Sidhant prised open and laid bare. ‘They gambled with our data security, our marks, our mental health; the institution failed us,’ Sarthak writes in his blog.

Nisarga, who had discovered how vulnerable the platform was back in February, three months before the Class 12 board examination began (on 17 May), was equally scathing.

He could have sold the data and made a lot of money, he said. But he didn’t. He could have also kept quiet and used the loopholes to manipulate the marks for whoever was willing to pay. He didn’t. If access to the evaluators’ platform was as easy as Nisarga had demonstrated, what is the guarantee that bad actors did not?

Nisarga, the ethical hacker, promptly informed India’s Computer Emergency Response Team (CERT-In) what he had found and shared what needed to be done to plug the loopholes. CBSE and CERT-In were both casual and callous. Coempt Eduteck, presumably alerted by the CBSE and CERT-In, ignored the warning from the student. What could a Class 12 student possibly do?

The company, the 19-year-old flagged, had ‘not only kept the door to the evaluators’ platform open but kept the key hanging in the lock.’ The password to access the platform was in full public view and he could easily retrieve data and details of schools and examiners, Nisarga said. Anyone could take over any examiner’s account, view answer sheets and edit marks.

Nisarga reported this to CERT-In on 25 February. He was asked for a screen recording and he promptly shared the ‘full walkthrough’, retracing the steps he took to gain access. He received an acknowledgment and a case reference number: CERTIn-16590126. He was assured that CERT-In was in touch with the agencies concerned. However, the loopholes remained till the results were declared on 13 May.

Another examinee, Vedant Srivastava,demanded to see his marked Physics answer sheet, which was emailed to him by the CBSE. Vedant was horrified to find that while the first page of the answer sheet, where roll number, school code etc. had to be filled, was in his own handwriting, the rest of the answer sheet was in somebody else’s handwriting.

After the CBSE stonewalled him, he took to X on 22 May to complain. He was trolled as a ‘Pakistani’, an ‘anti-national’. By a hostile TV anchor, among others.

The same day Nisarga made his blogpost public amplifying how the platform was an invitation to manipulate marks. The CBSE claimed it was a test portal, but quietly deleted its tweet after a friend of Nisarga bought the domain for Rs 99.

On 25 May, Nisarga detected another vulnerability, and again reported it to CERT-In. Four hours later, the CBSE took the whole portal down. On 31 May, he managed to access another CBSE portal with details of 45,074 failed payments for re-evaluation including emails, phone numbers, payment IDs and order IDs. The CBSE doubled down to say there was nothing wrong, that the system was robust.

****

There are questions that the CBSE needs to answer. Was it under any pressure to award the contract to the Hyderabad-based company? Why did it fail to heed warnings given by its own governing body members and evaluators? Why were tender conditions tweaked? Who demanded these tweaks and who approved them? Why was Coempt Eduteck picked despite its dubious track record?

Most importantly, how will the CBSE restore faith in the sanctity of these results short of a full re-evaluation of all papers, by means that are considered fair and above board by independent auditors.

Given that these ethical hackers have repeatedly and conclusively demonstrated that the OSM domain is compromised, that it can be hacked and marks altered at will, what is the guarantee that this hasn’t happened? Is the CBSE in a position to vouch that bad actors were not involved to game the results for a price?

‘You study day and night for two full years. You sacrifice sleep, fun, family time, everything, just to score well in your Class 12 boards. You dream of JEE, NEET, a good future. Then the results come... and every-thing is destroyed. This is not a story. This is what lakhs of CBSE students are living right now,’ Tanmay Kashyap, a CBSE Class 12 student from Patna wrote on social media, echoing the sentiment of lakhs of students.