The Central Board of Secondary Education (CBSE) has decided to impose penalties on its on-screen marking (OSM) service provider, Coempt Edu Teck, after vulnerabilities were found in the online system used for evaluating Class 12 answer sheets. Officials said the Hyderabad-based company will face financial penalties under its contract after security and data-related issues were identified on the portal.
The action comes after concerns were raised on social media about the security of the answer sheet evaluation platform. CBSE later confirmed that vulnerabilities had been detected and said corrective steps had been taken to secure the system.
Heavy financial penalties under the tender rules
According to CBSE officials, the August 2025 tender for the OSM project contains detailed Service Level Agreements (SLAs) and penalty provisions for lapses related to security, data handling and operational performance.
The agreement classifies information leaks, security failures and major mistakes during answer-sheet scanning as “critical mistakes”. Other mistakes include loss of answer-book pages during scanning, data security breaches and mismatches in data shared with CBSE.
Under these rules, if a problem is not fixed within the timeline prescribed by CBSE, the vendor can be fined ₹1 lakh for every 15 minutes of delay. A delay in submitting a root-cause analysis and corrective action report can attract a penalty of ₹1 lakh for every 60 minutes. Additional penalties of ₹5,000 per hour can also be imposed for delays in providing support services, training material, user manuals and onboarding assistance.
Vulnerabilities flagged online
The issue came to light after 19-year-old ethical hacker Nisarga Adhikary posted on X that answer sheets and question papers stored in an Amazon Web Services (AWS) bucket could be accessed online. He shared screenshots showing answer-copy files and claimed that the storage bucket was publicly visible without authentication.
According to Adhikary, the root directory of the storage bucket could be listed openly, allowing internet users to view files and folders stored inside it.
CBSE says the system is now secure
Responding to the concerns, CBSE said it had been closely monitoring the vulnerabilities being reported in the public domain. The board stated that cybersecurity experts from various government agencies and IITs had been working to strengthen the system and migrate it to a more secure setup.
Officials said the identified vulnerabilities have been contained, and additional checks are being carried out to ensure no other exploitable weaknesses remain.
A CBSE official said the findings indicated a breach involving student data and confirmed that penalties would be imposed if shortcomings were found within the vendor’s scope of work. Another official maintained that answer books had not been leaked and said all identified vulnerabilities had been patched.
CBSE officials added that a detailed assessment of all issues related to the OSM platform, including security vulnerabilities, is being carried out, and penalties will be imposed in accordance with the tender conditions.

