CBSE Re-Evaluation Portal Hit by Cyberattack on June 3

Less than 24 hours after CBSE replaced its outgoing chairperson and secretary (see article 91), the re-evaluation portal that hundreds of thousands of Class 12 students had been waiting weeks to use came under a co-ordinated cyberattack. The timing — and the volume — caught the board's security team's attention. On June 3, 2026, the portal recorded a denial-of-service (DoS) strike that pushed 1.5 million hits to its servers in under two minutes, alongside more than one lakh attempts at unauthorised file access, according to CBSE's own account reported by The Sunday Guardian and Asianet Newsable. The portal stayed up. But the episode has compounded an already difficult fortnight for the board, its students, and the Ministry of Education under Dharmendra Pradhan.

This article picks up where articles 85 (re-evaluation portal opened June 1) and 91 (leadership reshuffle, June 2) left off. Its focus is the June 3 cyberattack specifically: what was disrupted, what the IIT security teams found, what the parliamentary panel is examining, and what Class 10 and Class 12 students should do right now if their application is stuck.

What Happened on June 3

The re-evaluation portal — running on CBSE's own infrastructure after the board separated the post-result process from Coempt Edutech's OnMark platform — had gone live around 4:30 am on June 2. By the afternoon of June 3, CBSE issued a public statement acknowledging that the portal had been "targeted by malicious actors." The board did not name any individuals, group, or country of origin, and investigators have not attributed the attack to any party. That investigation remains open.

The specific details reported:

• A DoS attack generated approximately 1.5 million (15 lakh) hits within a two-minute window (Sunday Guardian Live).
• More than one lakh attempts at unauthorised file access were logged during the same period.
• Separately, approximately 3.8 million malicious packets were directed at the portal across the broader attack window, according to Asianet Newsable citing cybersecurity monitoring data.

Despite the volume, CBSE said the portal continued to function and recorded over 16,000 successful re-evaluation submissions by 3 pm that day, with more than 8,000 concurrent users active at peak time (Rising Kashmir / Big News Network). By June 3 evening, the board said the total had crossed 28,000 submissions (India TV News).

What CBSE Has — and Has Not — Said

CBSE's public position, carried in The Print and other outlets, is that "vulnerabilities in the OnMark portal have been contained" and the new post-result portal is now under its own direct control. The board acknowledged an earlier security gap: a 19-year-old ethical hacker, Nisarga Adhikary, had reported authentication weaknesses in the OnMark system as early as February 2026 — months before the attack (The Print). At the time, CBSE said the flagged domain was a testing environment. The June 3 attack tested whether those assurances held for the production system.

CBSE has not disclosed the source or attribution of the June 3 attack. It has not confirmed whether any student data was exfiltrated. What it has confirmed is that data has been moved off Coempt Edutech's infrastructure and onto systems under direct CBSE control (The Logical Indian). The OnMark portal itself — the Hyderabad-based Coempt Edutech's platform — is no longer part of the live re-evaluation workflow.

The IIT Madras and IIT Kanpur Audit

Before the portal went live, and in direct response to the earlier vulnerability disclosures, Education Minister Dharmendra Pradhan directed CBSE to deploy cybersecurity specialists from IIT Madras and IIT Kanpur alongside government agency experts to audit the system (India.com / Swarajya Mag). That audit was not a formality.

IIT Kanpur's team reportedly spent more than ten days reviewing two systems: the CBSE registration portal and the post-result services portal (IMTS News / The Cyber Express). Their mandate covered access controls, data storage security, and the resilience of the platform against the kind of volumetric attack that eventually arrived on June 3.

After the attack, an IIT panel formally cleared the new portal's security architecture, according to Asianet Newsable and New Kerala. The clearance came with the caveat that monitoring would continue. CBSE said this ongoing monitoring was what allowed the board to detect and report the June 3 intrusion attempts in real time, rather than discovering them after the fact.

The broader audit also surfaced the concern — reported by Gulf News and others — that an Amazon Web Services cloud storage bucket associated with the OnMark system had contained scanned examination records that could be accessed without login credentials. CBSE's response was to confirm that all relevant data had been migrated away from third-party infrastructure. Whether that migration was complete before the June 3 attack, and what the extent of any prior exposure was, has not been officially confirmed. This is an area of active investigation.

What the Parliamentary Panel Is Examining

The Parliamentary Standing Committee on Education, chaired by Congress leader Digvijaya Singh, summoned School Education Secretary Sanjay Kumar and then-CBSE Chairman Rahul Singh on June 2 — the day before the cyberattack. The committee's stated agenda, reported by News Today, included "use of On-Screen Marking in Grade 12 Exams and issues faced by students consequent."

The June 3 attack arrived while the panel's deliberations were still live. CPI(M) MP John Brittas had separately written to Education Minister Dharmendra Pradhan asking for an independent review of the OSM rollout, citing student complaints about blurred scans, missing step marks, and evaluation discrepancies.

The panel is not a cybercrime investigation body; its remit is policy and procurement oversight. But two threads it is examining have direct relevance to the attack:

• The Coempt Edutech tender trail. Student Sarthak Sidhant, 17, presented before the committee on June 2, alleging that CBSE altered tender conditions in successive rounds to favour the Hyderabad firm, including removing clauses that would have disqualified providers with a record of poor performance. The government's one-member inquiry committee, chaired by S. Radha Chauhan of the Capacity Building Commission, has been asked to submit its report within one month to DoPT.
• Data sovereignty. If examination data was held on a vendor's infrastructure with insufficient access controls, that is a procurement and oversight failure as much as a technical one. The panel is examining how the contract was structured and what oversight CBSE maintained over Coempt Edutech's systems.

The committee has not released a formal report as of this writing. Its findings, when published, will carry weight: the NEET-UG controversy from 2024 showed that parliamentary scrutiny can accelerate ministerial action on examination administration failures.

Timeline: How the Crisis Developed

Date	Event	Impact on Students
Feb 2026	Ethical hacker Nisarga Adhikary reports OnMark vulnerabilities to CERT-In	No immediate action; CBSE says flagged site is test environment
May 29, 2026	Re-evaluation portal launch scheduled	Postponed; CBSE cites technical readiness
June 1, 2026	Portal re-scheduled to open	Further delayed overnight
June 2, 2026	Portal goes live at 4:30 am; Chairman Rahul Singh and Secretary Himanshu Gupta transferred; parliamentary panel meets; Radha Chauhan inquiry committee constituted	Students begin submitting applications; new CBSE leadership (Lokhande Prashant Sitaram, Varun Bhardwaj) installed
June 3, 2026	DoS attack: 1.5 million hits in 2 minutes; 1 lakh+ unauthorised file access attempts; 3.8 million malicious packets logged	Portal stays operational; 28,000+ submissions recorded by evening
June 3–5, 2026	IIT panel completes post-attack security review; clears portal	Monitoring intensifies; portal kept accessible
June 6, 2026	Original application deadline (midnight)	Deadline later extended
June 7, 2026	Application deadline extended to midnight	Students with payment/login issues get additional time
June 8, 2026	CBSE confirms re-evaluation process moved to secured portal; Coempt Edutech OnMark removed from workflow	New portal URL active: postresult.cbseit.in/pvr

What Is Still Not Known

The investigation is open. Honest reporting requires flagging the gaps:

1. Attribution. CBSE has used the phrase "malicious actors." No claim of responsibility has been confirmed, and no law-enforcement body has publicly named a suspect. Premature attribution would be speculation.
2. Data exposure scope. Whether the AWS bucket exposure resulted in any actual exfiltration of student records has not been confirmed. The board says data has been moved; it has not confirmed whether data was accessed before the move.
3. Class 10 timeline. The coverage above focuses on Class 12. Class 10 students seeking scanned answer copies or re-evaluation have a partially overlapping but distinct process. CBSE's official portal (cbse.gov.in) is the authoritative source; the board has not publicly confirmed whether Class 10 deadlines were similarly extended.
4. Radha Chauhan inquiry findings. The committee has one month from June 2 to report to DoPT. Until that report is public, the full picture of the procurement process — and any connection between vendor-managed infrastructure weaknesses and the attack — is not established.

What Students Should Do

If you are a Class 12 student with a pending re-evaluation application, or a parent trying to track one down, here is the practical checklist based on verified information available as of June 8, 2026.

Check your application status first. The current operative portal is postresult.cbseit.in/pvr. This is CBSE's own infrastructure, separate from Coempt Edutech's OnMark platform. If you submitted before the June 7 midnight deadline, log in with your roll number and confirm the submission shows as received.

If your payment failed but the form did not go through. Multiple students reported payment gateway errors on June 2–3, coinciding with the attack window. CBSE's re-evaluation fee is ₹25 per question; verification of marks is ₹100 per subject. Fees are refunded if marks increase after re-evaluation. If you were charged but the application did not register, contact the helpline immediately with your payment transaction ID.

Contact CBSE directly for stuck applications.
- Tele-Counselling Helpline: 1800 11 8004 (toll-free)
- Email: resultcbse2026@cbseshiksha.in

Keep a screenshot of any error messages, payment confirmation SMS or email, and your roll number ready before calling or writing.

Do not use third-party portals or agents. The only valid portal is the one at cbseit.in/pvr. CBSE has not authorised any agent or third-party website to process re-evaluation applications on students' behalf.

Class 10 students. The CBSE Class 10 post-result services process runs on a slightly different calendar. Check cbse.gov.in directly for any deadline update specific to Class 10, or call the same helpline number. Do not assume Class 12 deadline extensions apply automatically.

Document complaints about answer-sheet discrepancies separately. If your concern is not about re-evaluation fees or portal access but about the accuracy of your scanned answer sheet — wrong handwriting, missing pages, or blurred scans — this is a distinct issue that the Radha Chauhan inquiry committee is examining. Write to CBSE at the email above, describe the specific discrepancy, and keep a copy. These records may matter when the inquiry report is published.

Wait for the inquiry report — but do not wait to file. The Radha Chauhan committee has until early July 2026 to report. If that report identifies systemic failures, the Ministry of Education may open a supplementary redress window. That is speculation for now. What is not speculative is that missing a filing deadline because you were waiting for the inquiry will not be treated as a valid reason for a late application under current rules. File first; follow the inquiry separately.

The cyberattack on June 3 disrupted a portal that was already being watched by a parliamentary committee, had just seen its top leadership replaced, and was operating on borrowed confidence after months of complaints about its underlying vendor. The portal survived. Whether the structural questions — about data sovereignty, vendor oversight, and the tender process — are answered adequately will take longer to establish. Students dealing with immediate grievances do not have to wait for those answers to act.