CBSE’s On Screen Marking System Faces Cybersecurity Scrutiny Amid Data Exposure Claims The Central Board of Secondary Education (CBSE) is embroiled in a growing controversy over alleged cybersecurity lapses in its On Screen Marking (OSM) system, which critics say have exposed sensitive student data, including scanned answer sheets and question papers. Independent developers and ethical hackers have publicly flagged vulnerabilities, prompting calls for urgent intervention by the National Human Rights Commission (NHRC). Android developer Sidharth alleged on X (formerly Twitter) that the OSM portals, developed by EduTek, were "fundamentally insecure," citing default passwords, remote code execution (RCE) flaws via URLs, and weak MD5 hashing. Separately, 19-year-old software engineer Nisarga Adhikary claimed that misconfigured AWS storage buckets linked to CBSE allowed unrestricted access to over 2,000 scanned answer sheets and question papers, enabling downloads by anyone online. Adhikary had previously reported breaching parts of CBSE’s digital evaluation infrastructure. In response, CBSE stated that vulnerabilities in the service provider’s portal had been "contained" and that cybersecurity specialists from government agencies and IITs were deployed to bolster security. The board acknowledged monitoring public disclosures of flaws and thanked "ethical hackers" for their reports but did not address the AWS exposure claims directly. Activist and advocate Anubha Shrivastava Sahai has petitioned the NHRC, urging it to take suo motu cognizance of the issue. She warned that ongoing OSM disruptions could disrupt admissions, scholarships, and educational opportunities for thousands of students, calling for alternative grievance mechanisms, deadline extensions, and protections against penalties due to technological failures. The NHRC has been asked to seek reports from CBSE and the Education Ministry.