CBSE may penalize OSM vendor over Class 12 marking vulnerabilities
What's the story
The Central Board of Secondary Education (CBSE) may impose penalties on its on-screen marking (OSM) service provider, Coempt Edu Teck, after users on social media platform X flagged vulnerabilities in its answer script evaluation portal. The scrutiny intensified after 19-year-old ethical hacker Nisarga Adhikary alleged that "CBSE people didn't configure their AWS bucket properly and now we can paginate and enumerate all their media, which has 2026 answer sheets and question papers."
Official response
CBSE 'closely monitoring the vulnerabilities'
Hours later, CBSE said it had been "closely monitoring the vulnerabilities in the OnMark portal of our service provider that are being flagged in the public domain." "An expert team of cybersecurity professionals has been deployed...from across various arms of the government as well as the IITs to fortify these systems, including taking them over to a more secure setup. The identified vulnerabilities have been contained, and other exploitable weaknesses are being ruled out," CBSE added.
Penalty details
Tender awarded in December
The Hyderabad-based Coempt Edu Teck was awarded the contract on December 5, 2025. However, a corrigendum issued on September 20, 2025 removed provisions for blacklisting vendors for such lapses from the original tender document. The new clause states that "The committee may send show cause notice for forfeiture for PBG (performance bank guarantee) and Termination of contract," without mentioning blacklisting.
Contract modification
September corrigendum modified original tender document
Officials said Coempt will be fined in line with penalty provisions detailed in its August 2025 tender document. The August document outlines various financial penalties based on redressal timelines, including ₹1 lakh fines for every 15-minute delay in rectifying issues flagged by CBSE officials. The document also defines penalties for "critical mistakes," such as information leaks and major lapses while scanning answer scripts. It also includes penalties for "other mistakes," like loss of pages during scanning and data security breaches.