IIT Roorkee has officially denied claims of a data breach in the JEE Advanced 2026 examination process, labeling the reports as misleading and factually incorrect. The institute clarified that no bulk download of candidate data occurred and no sensitive information was compromised.
Official Denial by IIT Roorkee
In a detailed statement, IIT Roorkee asserted that the allegations of a data leak were unfounded. The institute explained that a temporary cloud-storage misconfiguration allowed unauthenticated read-only access to less than 0.05% of candidate data. This issue was immediately rectified upon discovery, and the institute confirmed that the incident had zero impact on examination outcomes, including marks, ranks, and category details.
Role of the Cybersecurity Researcher
Cybersecurity researcher Rylen Anil reported the vulnerability to IIT Roorkee. Anil clarified that only a small number of files were accessed for verification purposes before being deleted. The researcher emphasized that the exposure was limited and did not involve any malicious intent.
Initial Reports and Statistics
Earlier reports had suggested that approximately 1.79 lakh result records and 1.87 lakh admit-card files were potentially accessible. These files were said to contain personal and exam-related data. However, IIT Roorkee's investigation confirmed that the actual exposure was far less extensive and that no unauthorized bulk download took place.
Examination Timeline
The JEE Advanced 2026 examination was held on May 18, 2026, with results declared on June 1. The institute reiterated that the cloud misconfiguration did not affect the integrity of the examination process or the confidentiality of candidate data.
IIT Roorkee continues to monitor its systems and has implemented additional security measures to prevent such incidents in the future. The institute advises candidates and the public to rely only on official communications for accurate information.
