IIT Roorkee rejects JEE (Advanced) data breach claims, says no sensitive data compromised

Claims of a data breach and privacy violation affecting lakhs of Joint Entrance Examination Advanced aspirants are misleading and factually incorrect the Indian Institute of Technology IITRoorkee said on Friday asserting that no sensitive information was compromised or massextracted following a temporary cloud storage misconfigurationIITRoorkee which conducted the examination this year said information circulating on social media did not accurately reflect the incident and alleged that attempts were being made to spread misinformationJEE Advanced serves as the gateway for admission to undergraduate programmes at IITs and several other premier engineering institutions across the countryIn a series of posts on X IITRoorkee said Claims of a data breach and privacy violation affecting lakhs of JEE Advanced aspirants are misleading and factually incorrect The information circulating on social media is misleading and does not accurately reflect what happened There is an attempt at spreading misinformation which is far from the truthThere have been several misleading and factually incorrect reports regarding data breach and privacy violations with respect to students who took JEE Advanced examinationAs per the clarification issued by iitroorkee the Ministry reiterates that no sensitive information washellip httpstcohJyP6I3lm3mdash Ministry of Education EduMinOfIndia June 5 2026According to the institute certain technical interventions were carried out on an expedited basis on Tuesday to assist candidates facing difficulties in accessing admit card data and to ensure the smooth functioning of the registration processIt said these interventions resulted in a minimal temporary misconfiguration in a cloud storage component which was identified and reported by ethical hacker Rylen AnilJEEAdvanced portal issue had no impact on marks ranks or admissions process IIT RoorkeeAn ethical hacker Mr Rylen Anil identified this misconfiguration and reported that he could access the concerned database The issue was immediately rectified and access to the data was restricted the institute saidThe affected storage was in readonly mode meaning no data could be edited or deleted IITRoorkee said adding that an analysis of cloud access logs confirmed that no bulk download had taken placeThe affected storage was readonly meaning no data could be edited or deleted An analysis of cloud access logs confirmed that no bulk download occurred the readonly access was limited to less than 005 per cent of the data it further statedThe institute also maintained that no sensitive information was compromised or massextracted and that the incident had zero impact on examination outcomes including marks ranks and category of the candidatesReaffirming its commitment to the examination process IITRoorkee said it remains fully committed to maintaining the integrity security and transparency of the JEE Advanced and Joint Seat Allocation Authority JoSAA counselling processesDeliberate attempts to misrepresent this technical event and undermine public trust in the examination system are deeply concerning and should be discouraged it stated adding The JEE Advanced team looks forward to supporting every aspirant through a smooth and secure admission process into IITs and IIScrdquoInstitute responded after 16yearold researcher flagged cloud storage issueEarlier IITRoorkee had confirmed that the JEE Advanced 2026 results portal experienced a cloud storage configuration issue after a teenager who identifies as a cybersecurity researcher claimed that personal and examinationrelated details of lakhs of students were accessible without authorisationThe clarification came after Rylen a 16yearold cybersecurity researcher posted on X alleging that the public cloud storage endpoint of the results portal was accessible without authentication exposing bulk candidate dataOn Tuesday night the institute said the data was stored in readonly mode with no possibility of records being altered and added that the issue was being addressed on priorityWith PTI inputs