ROORKEE: Amid growing concerns over an alleged data breach affecting JEE (Advanced) candidates, Indian Institute of Technology (IIT) Roorkee has denied any large-scale compromise of candidate information, terming the reports circulating on social media as “factually incorrect and misleading”.
The clarification came Friday after cybersecurity researcher and ‘ethical’ hacker Rylen Anil claimed on X that a publicly accessible cloud storage endpoint linked to JEE (A) results portal could be accessed without authentication, potentially exposing candidate data. The claim sparked concerns among students and parents, with netizens sensing “a large-scale privacy breach affecting lakhs of aspirants”.
In response, IIT-R, which conducted JEE (A) 2026, stated the information circulated did not accurately reflect the facts and appeared to be an attempt to spread misinformation. In a statement, the institute said: “Certain technical interventions were carried out on June 2 on an expedited basis to assist candidates facing difficulties in accessing admit card data and to ensure the smooth functioning of the registration process.”
These interventions, according to IIT-R, resulted in minimal and temporary misconfiguration in a cloud storage component. The institute acknowledged that the issue was identified by Rylen Anil-a 12th standard student based in Dubai-who reported “being able to access the concerned database”. However, IIT-R said the configuration error was rectified immediately and access was restricted.
“The affected storage was read-only, meaning no data could be edited or deleted. An analysis of cloud access logs confirmed that no bulk download occurred, and the read-only access was limited to less than 0.05% of the data,” the institute further stated, adding that “no sensitive information was compromised or mass-extracted”.
It also stressed that the incident had “zero impact on examination outcomes, including marks, ranks and category of the candidates.”
Meanwhile, the Union ministry of education-battling NEET-UG 2026 and CBSE on-screen marking crises – also issued a statement reiterating that “reports of data breach and privacy violations were misleading”, adding that “candidate information, exam records, marks and rankings remained completely secure, intact and safe.”
This year, a total of 1,79,694 candidates appeared in both papers of JEE (A), of which 56,880 qualified.
