New Delhi, October 26, 2023 — The Central Board of Secondary Education (CBSE) has officially disclosed that its online re-evaluation and verification portal was subjected to a sustained and unprecedented wave of cyberattacks over the past two months, recording nearly 1.5 million hits. The revelation has sparked serious concerns about the security of sensitive academic data and the integrity of the examination process.
A Two-Month Onslaught of Digital Intrusion
According to senior CBSE officials, the portal, which allows students to apply for re-evaluation of answer sheets, has been the target of a “barrage of cyberattacks” since late August. The attacks, characterized by automated scripts and bot-driven traffic, resulted in approximately 1.5 million access attempts in just 60 days. Officials described the frequency as “abnormal and highly suspicious,” noting that the volume of traffic was exponentially higher than the expected number of legitimate student applications.
“We observed a pattern of coordinated, high-frequency attempts to overload the system,” a senior CBSE technical team member stated on condition of anonymity. “The sheer volume—1.5 million hits in two months—indicates a deliberate, targeted effort, not mere curiosity or standard traffic spikes.”
Nature of the Attacks
Preliminary investigations by the Board’s cybersecurity cell suggest that the attacks were a combination of Distributed Denial-of-Service (DDoS) attempts and credential stuffing. In a DDoS attack, multiple compromised systems flood a target server, rendering it inaccessible. Credential stuffing involves using stolen login credentials from other breaches to gain unauthorized access.
“The attackers were not just trying to crash the portal; they were attempting to brute-force entry into individual student accounts,” explained cybersecurity analyst Vikram Singh. “If successful, they could alter application statuses, view sensitive data, or even manipulate re-evaluation results.”
While the Board has not confirmed any successful breach of student data or financial information, the persistent attacks have forced CBSE to deploy additional security layers, including multi-factor authentication (MFA) and rate-limiting protocols.
Impact on Students and the Re-Evaluation Process
The cyber onslaught has had a tangible impact on students awaiting re-evaluation results. Many users reported receiving error messages, “gateway timeouts,” and delays in application submissions between September and October.
“The portal was extremely slow. I kept getting a ‘502 Bad Gateway’ error for three days straight,” said Priya Sharma, a Class 12 student from Delhi who applied for re-evaluation. “I feared my application wouldn’t go through on time. It was stressful.”
CBSE has since issued a public advisory assuring students that all applications submitted within the deadline will be processed, despite the technical disruptions. The Board has also extended the re-evaluation application window in some regions to accommodate affected students.
Broader Implications for Digital Infrastructure
The attack on CBSE’s portal is not an isolated incident. Educational institutions, particularly public examination boards, have become prime targets for cybercriminals in India. Last year, the National Testing Agency (NTA) faced similar DDoS attacks during the JEE Main registration. These incidents underscore a critical vulnerability: the lack of robust, real-time threat detection in government-operated academic portals.
Cybersecurity experts argue that the scale of the attack—1.5 million hits—could have been mitigated with better infrastructure. “A typical DDoS protection setup, like Cloudflare or AWS Shield, would have absorbed this volume without issue,” said Singh. “The fact that it reached the public’s attention suggests the Board’s security posture was reactive, not proactive.”
Official Response and Next Steps
In a formal statement, a CBSE spokesperson confirmed the incident and outlined immediate actions: “We have identified the unauthorized traffic patterns and have implemented enhanced monitoring and filtering mechanisms. The portal is now stable, and all re-evaluation processes are on track.”
The Board has also filed a formal complaint with the Indian Computer Emergency Response Team (CERT-In) , which is now conducting a forensic audit of the attack vectors.
Conclusion
The revelation that the CBSE re-evaluation portal faced 1.5 million cyberattack hits in two months serves as a stark reminder of the growing threats to India’s educational digital ecosystem. While the Board has taken emergency measures to stabilize the portal and safeguard student data, the incident highlights an urgent need for systemic upgrades, regular security audits, and a dedicated cyber task force for public examination systems. For the millions of students who depend on these platforms for their academic futures, the security of their data must remain non-negotiable.