The Central Board of Secondary Education (CBSE) plans to penalize its on-screen marking service provider, Coempt Edu Teck, for glitches and vulnerabilities discovered in the digital evaluation of Class 12 answer sheets, following a public disclosure by ethical hacker Nisarga Adhikary who highlighted publicly accessible answer sheets and question papers stored on an improperly configured Amazon Web Services (AWS) bucket. Officials confirmed that Coempt Edu Teck, awarded the contract on December 5, will face financial penalties as per the August 2025 tender document, which includes fines for delayed issue rectification and potential termination of the contract, though blacklisting is not an option. In response, CBSE has deployed cybersecurity experts from government agencies and IITs to secure the OnMark portal, containing over 20,000 answer sheets and question papers, confirming that identified vulnerabilities have been contained and are investigating potential data breaches.

The Central Board of Secondary Education (CBSE) plans to penalize its on-screen marking service provider, Coempt Edu Teck, for glitches and vulnerabilities discovered in the digital evaluation of Class 12 answer sheets, following a public disclosure by ethical hacker Nisarga Adhikary who highlighted publicly accessible answer sheets and question papers stored on an improperly configured Amazon Web Services (AWS) bucket. Officials confirmed that Coempt Edu Teck, awarded the contract on December 5, will face financial penalties as per the August 2025 tender document, which includes fines for delayed issue rectification and potential termination of the contract, though blacklisting is not an option. In response, CBSE has deployed cybersecurity experts from government agencies and IITs to secure the OnMark portal, containing over 20,000 answer sheets and question papers, confirming that identified vulnerabilities have been contained and are investigating potential data breaches.

The Central Board of Secondary Education (CBSE) plans to penalize its on-screen marking service provider, Coempt Edu Teck, for glitches and vulnerabilities discovered in the digital evaluation of Class 12 answer sheets, following a public disclosure by ethical hacker Nisarga Adhikary who highlighted publicly accessible answer sheets and question papers stored on an improperly configured Amazon Web Services (AWS) bucket. Officials confirmed that Coempt Edu Teck, awarded the contract on December 5, will face financial penalties as per the August 2025 tender document, which includes fines for delayed issue rectification and potential termination of the contract, though blacklisting is not an option. In response, CBSE has deployed cybersecurity experts from government agencies and IITs to secure the OnMark portal, containing over 20,000 answer sheets and question papers, confirming that identified vulnerabilities have been contained and are investigating potential data breaches.

Following a controversy, the Central Board of Secondary Education (CBSE) is set to penalise its on-screen marking (OSM) service provider, Coempt Edu Teck, over glitches in the digital evaluation of Class 12 answer sheets. 

The move comes after X users flagged vulnerabilities in its answer script evaluation portal. 

According to officials, the Hyderabad-based company will be fined in line with penalty provisions detailed in its August 2025 tender document. 

Issued on August 28, the tender provides for a raft of cascading financial penalties pinned on redressal timelines—including a fine of ₹1 lakh for every 15-minute delay in rectifying a flagged issue—alongside blocked security deposits and contract terminations. 

However, the contract does not contain provisions to blacklist the company for such lapses. Coempt Edu Teck was awarded the contract on December 5.

The development comes after 19-year-old ethical hacker Nisarga Adhikary took to X on Sunday to allege that answer sheets stored in an Amazon Web Services (AWS) bucket (a cloud storage container for documents, images, and data) were publicly accessible. 

Adhikary, in a post on X, said that, “CBSE people didn’t configure their AWS bucket properly and now we can paginate & enumerate all their media, which has 2026 answer sheets & question papers.” He had attached screenshots of several answer copies along with his post.

Hours later, the 'issues' were pointed out, the board said that it had been "closely monitoring the vulnerabilities in the OnMark portal of our service provider that are being flagged in the public domain. 

“An expert team of cybersecurity professionals has been deployed over the last few days from across various arms of the government, as well as the IITs, to fortify these systems, including taking them over to a more secure set-up. The identified vulnerabilities have been contained, and other exploitable weaknesses are being ruled out,” CBSE said.

Reportedly, the vulnerabilities identified by the board showed that there was a data breach related to students' data. 

TAGS