The Central Board of Secondary Education successfully defended its online verification and re-evaluation portal against a coordinated 3.8 million-packet denial-of-service attack on June 4, 2026, while simultaneously processing over 56,000 student applications submitted since the portal went live on June 2. CBSE announced the successful repulsion of the cyberattack in a statement posted on X, confirming that its technical teams had detected, blocked, and contained the attack while keeping the portal fully operational for students seeking review of their Class 12 board exam evaluations. The board stated that its technical teams are proactively monitoring performance and continuously introducing refinements to deliver a smoother, faster, and more seamless experience for students throughout the application window, which remains open until midnight on June 6.
The attack disclosed on June 4 was not an isolated incident. CBSE had also revealed the previous day that malicious actors had earlier attempted to disrupt portal services through a barrage of cyberattacks — including a separate wave that caused 1.5 million hits on the platform within just two minutes, alongside more than one lakh attempts at unauthorised file access. The cumulative scale of attacks targeting the portal across both days reflects a deliberate and sustained campaign to disrupt a service that hundreds of thousands of India's Class 12 students are depending upon to exercise their legal right to seek re-evaluation of their board examination results. Despite the volume and persistence of these attacks, CBSE confirmed that services remained operational and no data compromise has been disclosed.
The re-evaluation portal was opened to students who had already obtained scanned copies of their evaluated answer books and wish to report specific issues — including missing pages, missing supplementary sheets, blurred scans, incorrect answer books, or evaluation conducted against a different question paper set — or to seek re-evaluation of specific answers they believe were marked incorrectly. The fee structure is Rs 100 per subject for verification and Rs 25 per question for re-evaluation. Applications must be submitted through the online portal exclusively, with offline submissions not accepted. CBSE introduced Aadhaar-based authentication this year as a security measure to verify applicant identity — for students without [Aadhaar Redacted], the [Aadhaar Redacted] details of a parent, guardian, or relative may be used for verification purposes.
To handle the volume of applications and payments, CBSE integrated payment gateway services from four public sector banks — State Bank of India, Bank of Baroda, Canara Bank, and Indian Bank. SBI processed over 40,000 CBSE-related transactions through its gateway. Bank of Baroda processed over 7,500 transactions, Canara Bank served over 4,000 customers across different banks, and Indian Bank processed over 5,000 transactions. Students are not required to hold accounts with these specific banks — the gateways accept UPI, debit cards, credit cards, and internet banking from all banks.
The cyberattacks arrive at a particularly fraught moment for CBSE's digital infrastructure. The board has faced sustained public scrutiny over the past several weeks regarding its On-Screen Marking system, which was introduced for Class 12 evaluation and has been linked to complaints of answer-sheet mix-ups, marking discrepancies, and grade allocation errors. CBSE Chairman Rahul Singh and Secretary Himanshu Gupta were both transferred amid the controversy, and the government has constituted a one-member inquiry committee headed by S. Radha Chauhan of the Capacity Building Commission to examine the procurement and implementation of OSM services. The targeting of the re-evaluation portal during this sensitive period — when students are seeking corrections to potentially flawed evaluations — suggests the cyberattacks were timed to maximise disruption to an already contested process.