IIT Roorkee refuses claims of data breach affecting JEE (Advanced) aspirants
New Delhi, June 5
IIT Roorkee on Friday refuted claims of a data breach and privacy violation affecting lakhs of JEE aspirants, calling them "misleading and factually incorrect."
In a post on X, the institution wrote, "Claims of a data breach and privacy violation affecting lakhs of JEE (Advanced) aspirants are misleading and factually incorrect. The information circulating on social media is misleading and does not accurately reflect what happened. There is an attempt at spreading misinformation, which is far from the truth."
As per the post, IIT Roorkee introduced technical fixes on June 2 to resolve admit card access issues and streamline the registration process.
"On 2nd June 2026, certain technical interventions were undertaken on an expedited basis to assist candidates experiencing difficulties in accessing admit card data and to ensure the smooth functioning of the registration process. These interventions resulted in a minimal, temporary misconfiguration in a cloud storage component. An ethical hacker, Mr. Rylen Anil, identified this misconfiguration and reported that he could access the concerned database. The issue was immediately rectified and access to the data was restricted," the post read.
It clarified, "The affected storage was read only, meaning no data could be edited or deleted. An analysis of cloud access logs confirmed that no bulk download occurred (the read-only access was limited to less than 0.05% of the data). No sensitive information was compromised or mass-extracted. This incident had zero impact on examination outcomes, including marks, ranks, and categories of the candidates."
The Institution further stated, "IIT Roorkee remains fully committed to maintaining the integrity, security, and transparency of the JEE (Advanced) and JoSAA counselling processes. Deliberate attempts to misrepresent this technical event and undermine public trust in the examination system are deeply concerning and should be discouraged."
"The JEE (Advanced) team looks forward to supporting every aspirant through a smooth and secure admission process into IITs and IISc," IIT Roorkee added.
— ANI
Reader Comments
As a parent of a JEE aspirant, I was really worried when I heard about this. But IIT Roorkee's clarification is thorough. The ethical hacker did his job responsibly by reporting it, and IIT fixed it immediately. I appreciate that sensitive info like marks and categories weren't affected. However, they need to ensure this doesn't happen again - our children's future is at stake. Kudos to the hacker for responsible disclosure! 🇮🇳
I understand the concern but honestly, as a cybersecurity professional, this sounds like a standard fix gone slightly wrong. The 0.05% access and read-only nature are key details that show no real damage was done. IIT Roorkee's transparency here is good to see. Still, in the age of cyber attacks, institutions handling student data need robust security from day one. Better safe than sorry.
"Deliberate attempts to misrepresent this technical event" - IIT Roorkee is right to call out misinformation! Social media can blow things out of proportion. My cousin was one of those who couldn't download his admit card, and he was stressed. The fact they fixed it quickly is commendable. But I hope the government mandates regular security audits for all exam portals. Students deserve peace of mind.
Hats off to the ethical hacker who found this and reported it responsibly! But IIT Roorkee should have had better safeguards in place. 'Temporary misconfiguration' sounds like a convenient excuse. What if it was a malicious hacker instead? With AI and everything, data security should be top priority. Still, I'm glad the damage was minimal. JEE is sacred - we can't afford any security lapses.
We welcome thoughtful discussions from our readers. Please keep comments respectful and on-topic.