Delhi Police filed an FIR on Friday after the Central Board of Secondary Education (CBSE) lodged a formal complaint over a series of coordinated cyber attacks targeting its post-result services portal.
In a statement, the board asserted that all attacks were successfully mitigated and no data breach or compromise of information was detected. The complaint was filed with the Intelligence Fusion & Strategic Operations (IFSO) Unit of Delhi Police regarding "a series of coordinated and sophisticated cyber attacks" directed at its Post-Result Services Portal.
The portal, launched on June 2 to facilitate services such as verification and re-evaluation of answer scripts for class 12 board exam-givers, was subjected to repeated and coordinated cyber attacks over the past three days, the CBSE said.
"The attacks involved large volumes of malicious traffic originating from multiple IP addresses within and outside the country," it said.
"As the portal caters to lakhs of students across the country for availing post-result services, any disruption to its functioning has the potential to adversely impact a large number of stakeholders, cause significant public inconvenience, and affect public order and create dissatisfaction amongst students against the Board," it said.
According to the board, the apparent objective of the attackers was to destabilise the platform, deny access to legitimate users and attempt unauthorised extraction of information by the elements inimical to national interest.
"In view of the nature, scale, and coordinated character of these attacks, CBSE has approached the IFSO Unit for a detailed investigation and appropriate legal action against those responsible," the statement said.
The board maintained that its systems and databases remain secure and uncompromised.
"It is emphasised that despite these malicious attempts, CBSE's systems and databases remain secure and uncompromised. No data breach or unauthorised access has been detected," it said.
CBSE said the attacks were successfully mitigated through continuous 24x7 monitoring and response mechanisms, with support from cybersecurity teams of IIT Kanpur, IIT Madras, Digital India Corporation, the Indian Cyber Crime Coordination Centre (I4C), CERT-In and other central government agencies.
Earlier, a 19-year-old ethical hacker and Class 12 student had exposed severe security vulnerabilities in the CBSE servers. Nisarga Adhikary gained "write access" to the board's infrastructure in what he described as "child's play."
Beyond being able to access and alter sensitive information—including student answer scripts and the personal data of teachers—Adhikary demonstrated that he could play unauthorised content directly on the live production website.
The CBSE has been embroiled in controversy after some class 12 students claimed that the scanned copies of their answer sheets, uploaded by the board, did not match their handwriting, raising concerns about potential mismatches in the OSM system.
On Tuesday, the Cabinet Secretariat announced the formation of a one-member committee to investigate the procurement of services for the OSM system by the CBSE.
