The CBSE has denied any breach of personal data of 2018 National Entrance Cum Eligibility Test (NEET) candidates saying the allegations “appears to be the handiwork of certain unscrupulous persons with the objective of duping the gullible public.” The CBSE issued the statement in response to a letter Congress President Rahul Gandhi wrote to the board asking it to act on multiple media reports on the data leak of NEET candidates.

No question of breach, all data encrypted: CBSE

The board has said that there was “no question of any breach of data or any misuse of data by the CBSE” as all the data of all 1.3 million NEET 2018 candidates was maintained “only in encrypted format with strict security measures with the National Informatics Centre.” Even when CBSE accesses data from the NIC, which hosts data of several government websites, “it does not contain personal details such as mobile numbers, details of identification documents, email IDs, etc.”

The entire data of more than 13,26,725 candidates of NEET-UG was maintained only in encrypted format with strict security measures with National Informatics Centre (NIC). So much so that, even in the printout of the confirmation page downloaded by the candidates, the vital details such as identification documents, mobile and email ID are in the encrypted format.

…The National Informatics Centre host several government data in highly secured environment…

There is no question of any breach of data or any misuse of data by CBSE. Rather, CBSE has a full proof system of conducting search prestigious and high stake examinations such as NEET-UG, and ensures data protection in the interest of examinees and to uphold the sanctity of public examinations.

Director, NEET-UG.
(Statement issued by CBSE)

On July 20, Gandhi had written to the CBSE Chairperson Anita Karwal urging the body to “put in place additional safeguards to prevent the recurrence of such data breaches” after multiple reports emerged showing that personal data of 200,000 NEET 2018 candidates was up for sale on “I am shocked by this wide-scale theft of personal data that has compromised the privacy of candidates across the country. This highlights the serious lack of safeguards to prevent the data breach and calls into question the ability of the CBSE to ensure the sanctity of the examination process,” Gandhi wrote. The NEET is a annual countrywide exam for entrances into government and private medical colleges convened by the CBSE. This year, 1.3 million students appeared for the exam; the data leak contained personal information of upto 200,000 of those candidates.

Personal and academic data of millions of Indian students is up for sale online

Last week, it emerged that a website run by an individual was leaking the exhaustive personal data of 200,000 NEET 2018 candidates; the portal was selling this data to coaching institutions and private colleges alike, who would evidently use the data to advertise their own institutions to these candidates. As reported by MediaNama, the portal was just one among more than 50 such portals which was leaking personal and academic data of students across the country and had put them up for sale. More than 50 websites run by a single person are leaking expansive and exhaustive data containing personal information of students including name, phone number, email address, college name, academic qualification, year of passing or year student is currently in and so on. The students in question are from engineering colleges, medical schools, fashion institutes, business schools and even 12th graders. The domains are a treasure trove of personal data for advertisers who want to market their institutions and coaching classes to aspiring students.

MediaNama’s take

The CBSE has failed to identify that encrypted data can be decrypted, and then uploaded and accessed by any and all parties. Even though the CBSE says it was not the source of the leak, it remains a fact that data of millions of candidates who have appeared for exams convened by the CBSE — 12th standard board exams, NEET, JEE, among others — is still out there and up for sale (On one portal, data of 3.7 million students who appeared for 12th standard board exams is leaked.) If nothing else, as a central government education board, the CBSE has a duty to issues warnings to students and parents (especially when the students can be minors) about the risks of such data being out in the open.