IIT Roorkee data breach exposes data of 1.8L JEE candidates
What's the story
IIT Roorkee has confirmed a major data breach, exposing the personal information of over 179,000 students who took the JEE Advanced exam this year. The breach was discovered by a cybersecurity researcher who found that a public cloud storage linked to the exam's result system had been misconfigured and left open for unauthorized access. The researcher claimed that the exposed data included candidate names, dates of birth, and mobile numbers.
Response to breach
IIT Roorkee taking corrective action
In light of the data exposure, IIT Roorkee has acknowledged the issue and is taking corrective action. The institute confirmed that the breach was due to a misconfigured cloud storage device. "The same is being plugged on priority," it said in a statement on social media platform X (formerly Twitter). The institute also clarified that no alteration of records was possible as the data stored was read-only.
Breach details
Exposed data included admit card PDFs, structured result records
The exposed data not only included personal information but also admit card PDFs and structured result records. Screenshots shared by the researcher showed multiple JEE Advanced 2026 documents with candidate information as well as structured result data including subject-wise marks, ranks, and personal details. Some of this information was redacted in the images.
Future measures
Affected candidates yet to be notified
IIT Roorkee has not yet issued a separate statement on how long the data was exposed or if affected candidates will be notified. However, the institute has assured that corrective action is being taken on priority. The incident comes amid growing concerns over cybersecurity in India's examination ecosystem, with earlier controversies involving CBSE's On-Screen Marking (OSM) system and alleged vulnerabilities in the National Testing Agency's (NTA) re-examination portal.