CBSE blames portal glitch on ‘malicious attack’ amid renewed scrutiny of COEMPT deal

The government's explanation for recent disruptions in the CBSE revaluation portal — a “malicious attack” involving alleged unauthorised access by around 50 students as per 'sources' — has introduced a new dimension to an already widening controversy surrounding the education board’s digital systems and vendor selection process.

The sources have attributed abnormal fee displays on the portal, ranging from around Re 1 to nearly Rs 68,000 in some cases, to manipulation linked to the HDFC payment gateway when the system went live. Officials said the issue affected a limited number of users and prompted a broader technical response, including the addition of payment gateways from four public sector banks, scrutiny by experts from IIT Madras and IIT Kanpur, and infrastructure support through Amazon Web Services.

The technical explanation has surfaced at a time when attention was increasingly turning to a separate and politically sensitive question: whether CBSE altered tender conditions in ways that benefited education technology firm COEMPT.

Lok Sabha Leader of Opposition Rahul Gandhi on Friday amplified allegations made by 17-year-old Sarthak Sidhant, whose blog argues — using comparative readings of CBSE tender documents — that the board modified elements of its selection framework to favour COEMPT over Tata Consultancy Services.

In a post on X, Gandhi said Sarthak had exposed how CBSE “manipulated its own selection process” using the board’s own documents and claimed the findings had undercut Union education minister Dharmendra Pradhan’s denials. Renewing his demand for an independent judicial inquiry, the leader of Opposition asked who the government was “protecting, and why”.

The significance of Sarthak’s allegations lies in their documentary nature. Rather than relying primarily on political claims, the blog compares successive CBSE tenders and points to specific changes in eligibility and technical requirements.

Among the changes highlighted are reported revisions to technical benchmarks, including capability requirements such as CMMI certification levels, alterations to clauses dealing with blacklisting and poor performance, and changes involving project qualification, infrastructure and software conditions. The broader argument advanced in the blog is that these revisions cumulatively widened or preserved COEMPT’s eligibility.

Whether those changes amount to deliberate favouritism remains contested. Procurement frameworks are frequently revised after failed rounds, restrictive criteria or market feedback. The central question is whether the modifications can be justified on operational grounds or whether they disproportionately advantaged a particular bidder.

It is against this backdrop that the “malicious attack” explanation is likely to invite closer examination.

The public conversation, which had increasingly focused on vendor selection, tender design and COEMPT’s role, is now also being shaped by a cyber-technical narrative involving alleged intrusion, payment gateway vulnerabilities and infrastructure fixes.

That does not, by itself, make the new explanation a distraction or a counter-narrative. Large-scale education platforms do experience technical failures, and payment integration issues, scaling problems and security vulnerabilities are not implausible in high-volume digital systems.

But the emergence of the new storyline raises its own questions. Was there an actual external intrusion, a software flaw, a payment integration failure, or some combination of these? What precisely do officials mean when they say students “manipulated” the system? And will technical logs, forensic findings or independent audit conclusions be placed in the public domain?

The key point is that the two controversies need not be mutually exclusive. A genuine procurement dispute and a genuine technical incident can coexist.

Yet once an institution facing scrutiny over tender processes introduces a cyber-security explanation for operational disruption, the demand for transparency deepens rather than diminishes. The debate is no longer only about portal glitches or political accusations, but about whether the systems, procurement decisions and explanations surrounding one of India’s most consequential education bodies can withstand sustained public scrutiny.

With PTI inputs