CBSE Re-evaluation Portal Hit by Malicious Cyberattack, Triggering Widespread Payment Disruptions
The Central Board of Secondary Education (CBSE), India's primary national-level school examination body responsible for conducting Class 10 and 12 board exams, encountered a significant security breach in its post-result re-evaluation portal in late May 2026. The incident, described by government sources as a malicious cyberattack, primarily targeted the payment gateway integrated with the HDFC bank system. Approximately 50 students reportedly gained unauthorised access, leading to erratic fee displays that fluctuated dramatically from as little as one rupee to nearly Rs 68,000 for re-evaluation applications.
This disruption occurred shortly after the portal went live on May 19, 2026, affecting the process for verification of marks, obtaining photocopies of answer sheets, and requesting re-evaluations. The board had to defer the next phase of operations until the system could be secured, pushing the full reopening to June 1, 2026. Students across the country, many of whom were already anxious following the declaration of results earlier in May, faced additional stress as login attempts failed or payments could not be processed reliably.
Timeline of Events and Technical Details of the Breach
The sequence began with the activation of the re-evaluation portal for Class 12 students. Within hours of going live, irregularities surfaced in the fee payment module. Government officials confirmed that the attack exploited vulnerabilities in the HDFC-linked gateway, allowing unauthorised entries. Fee amounts for some users spiked abnormally, while others encountered blurred or incomplete scanned answer sheets in related processes.
By May 30, 2026, reports from multiple outlets highlighted the issue, prompting swift intervention. The Education Ministry coordinated with cybersecurity experts from the Indian Institutes of Technology (IITs), including Madras and Kanpur, along with the Digital Infrastructure Corporation of India. These teams reviewed the platform, patched vulnerabilities, and integrated additional safeguards from public sector banks to bolster the payment infrastructure.
The portal was eventually stabilised and reopened on June 1, with officials emphasising that all data systems were under continuous monitoring to prevent further incidents. The breach did not appear to compromise personal student data on a large scale, but it underscored vulnerabilities in digital examination services handling millions of applications annually.
Impact on Students and Parents Amid Ongoing Academic Pressures
Thousands of students expected to apply for post-result services were affected by the delays and glitches. The re-evaluation window is critical for those disputing marks, especially in competitive subjects where small changes can influence college admissions. Reports indicated login errors, frozen screens, and repeated payment failures even after the initial fix attempts.
Parents expressed frustration over the timing, coming just weeks after results were announced. Many had already planned applications based on initial scores, only to face uncertainty. The Central Board of Secondary Education manages examinations for over 40 lakh students in Class 12 alone, making any disruption in post-result services particularly consequential for families relying on accurate and timely processes.
Government Response and Involvement of Technical Experts
Education Ministry officials publicly attributed the glitches to a malicious attack rather than internal technical failures. Senior sources noted that the payment gateway was specifically targeted, with around 50 students involved in the unauthorised access. Investigations are ongoing to identify the perpetrators and strengthen protocols.
The deployment of IIT cybersecurity teams marked a collaborative effort between academic institutions and government bodies. Experts focused on fortifying the On-Screen Marking (OSM) system and payment integrations. Public sector banks were brought in to diversify the gateway, reducing reliance on a single private provider and enhancing resilience against future threats.
Broader Context of CBSE's Digital Examination Ecosystem
CBSE has increasingly digitised its operations, from result declarations via DigiLocker to online application portals for re-evaluations. The On-Screen Marking system, introduced to improve efficiency and transparency in answer sheet evaluation, has faced scrutiny in recent years over potential glitches in scanned copies, such as missing pages or evaluation inconsistencies.
This cyber incident highlights the challenges of maintaining secure digital platforms for high-stakes educational processes. Similar vulnerabilities have been flagged in the past, including ethical hacking demonstrations exposing hardcoded passwords in evaluation systems earlier in 2026. The board continues to refine these systems to balance accessibility with robust security measures.
Related Official Updates on Student Transfers and Documentation Rules
Alongside the portal issues, CBSE implemented changes to Transfer Certificate (TC) procedures effective from 2025. Students moving between CBSE-affiliated schools no longer require countersignature from education authorities on their TCs. The receiving school can verify the previous school's affiliation directly through the official CBSE website, streamlining the process for families relocating due to parental job transfers or other reasons.
For students shifting from non-CBSE schools, the traditional countersignature requirement remains in place. These updates aim to reduce administrative burdens while maintaining verification standards. Deadlines for admissions and subject changes in the 2025-26 academic year also account for government service transfers, allowing flexibility for affected families.
Cybersecurity Challenges in India's Education Sector
The CBSE incident reflects wider concerns about digital security in public examination systems. With increasing reliance on online portals for applications, payments, and document access, educational boards face sophisticated threats. The integration of multiple payment gateways and expert oversight represents proactive steps toward mitigation.
Officials have stressed the importance of regular audits and real-time monitoring. Public sector involvement in payment infrastructure is expected to set a precedent for other government-linked educational services, promoting greater redundancy and security layers.
Future Outlook and Measures to Prevent Recurrence
CBSE has committed to ongoing enhancements, including expanded use of public sector bank gateways and continuous collaboration with IIT experts. The board monitors all systems round-the-clock and plans to issue regular updates on portal status during peak application periods.
Students and parents are advised to use official channels only and report any anomalies immediately. The experience serves as a reminder of the need for resilient digital infrastructure in education, ensuring that processes like re-evaluation remain reliable even under potential threats.
Looking ahead, similar safeguards may be extended to other CBSE services, fostering greater trust in the board's digital initiatives. The focus remains on delivering transparent, secure, and efficient post-result support for the millions of students under its purview.
