CBSE OSM Hack Row: Claims Around Nisarga Adhikary Explained

CBSE OSM controversy sparks online frenzy

A social media storm erupted this week after posts circulating across X, Telegram and student discussion forums claimed that a 19-year-old named Nisarga Adhikary had hacked the Central Board of Secondary Education’s OSM portal. The allegations quickly triggered panic among students and parents, with many fearing that sensitive academic data, admit card details, and school records may have been exposed.

The claims spread rapidly late Tuesday night, particularly among Class 10 and Class 12 student communities preparing for upcoming academic procedures linked to the CBSE ecosystem.

However, as the controversy intensified, officials familiar with the matter urged caution, saying there is currently no verified evidence proving that the CBSE’s core systems were breached.

The alleged incident has now become a wider conversation about cybersecurity, digital education infrastructure, and the dangers of misinformation in India’s highly connected student ecosystem.

What is the CBSE OSM portal?

The OSM portal, widely used within the CBSE administrative framework, helps schools and institutions manage operational and student-related records digitally. Over the years, CBSE has shifted much of its examination and academic workflow online, including registrations, corrections, document uploads, and institutional communication.

Because millions of students rely on these systems annually, even rumours of a cyberattack tend to trigger immediate concern.

Cybersecurity experts say educational databases have increasingly become attractive targets for hackers because they contain large volumes of personal information, including addresses, contact details, Aadhaar-linked records in some cases, and academic histories.

How did the allegations begin?

The controversy appears to have started after screenshots and messages surfaced online claiming that internal CBSE portal access had been obtained illegally. Several anonymous accounts alleged that a teenager from eastern India, identified as Nisarga Adhikary, was responsible for exposing vulnerabilities within the system.

Some posts claimed that database access screenshots were “proof” of a successful breach. Others suggested that login credentials were leaked through unsecured channels rather than through an actual hack.

Within hours, hashtags linked to the alleged breach began trending among student communities online.

But many of those claims were unsupported.

Several cyber analysts examining the viral screenshots noted that some images could have originated from publicly accessible demo interfaces, cached pages, or limited-access institutional dashboards rather than from a direct penetration of CBSE’s protected infrastructure.

That distinction is critical.

“A vulnerability disclosure and a full-scale hack are not the same thing,” said Kolkata-based cybersecurity researcher Anirban Chatterjee. “People often misuse the term hacking without understanding whether data was actually extracted, altered, or compromised.”

No official confirmation of major breach yet

As speculation mounted, individuals familiar with the matter indicated that internal checks were being conducted to determine whether any unauthorised access had occurred.

So far, no official statement has confirmed a large-scale data breach affecting students nationwide.

Sources in the education sector said preliminary assessments did not indicate widespread disruption of CBSE operations. Schools continued to access portals normally on Wednesday, and no mass outage was reported.

Cybersecurity specialists also cautioned against drawing conclusions based solely on viral screenshots.

“In many cases, screenshots alone cannot establish whether a secure server was compromised,” said Delhi-based digital security consultant Rohan Malhotra. “Sometimes leaked credentials, weak passwords, or access to low-level dashboards are presented online as evidence of a sophisticated cyberattack.”

That nuance has been largely missing from social media discussions, where the incident quickly turned sensational.

Who is Nisarga Adhikary?

Very little verified information is publicly available about Nisarga Adhikary. Social media users have circulated unverified claims about the teenager’s technical background, location, and alleged involvement in ethical hacking communities.

No law enforcement agency has publicly announced an arrest or filed charges connected to the matter as of Wednesday evening.

Cyber law experts warn that online speculation can become dangerous when identities are circulated without formal confirmation.

“Accusing individuals publicly without verified evidence can lead to harassment and legal complications,” said advocate Priyanka Saha, who specialises in cyber law cases in Kolkata. “Investigations involving digital systems require forensic examination, not internet speculation.”

Why the story matters beyond the controversy

The incident has once again highlighted the fragile state of cybersecurity awareness within India’s education ecosystem.

Over the last few years, schools, universities, coaching institutes and examination boards have rapidly digitised services. While this transition improved efficiency, it also increased exposure to phishing attacks, password leaks, and system vulnerabilities.

Experts say educational institutions often operate with limited cybersecurity budgets compared to banks or technology companies.

West Bengal schools and institutions are also increasingly dependent on digital systems for admissions, attendance, results, and scholarship management. Any breach involving national education boards therefore creates ripple effects across the country.

“This is no longer just an IT issue,” said an education technology consultant based in Salt Lake. “Student data protection is becoming a governance issue.”

Social media’s role under scrutiny

Another major aspect of the controversy is the speed at which unverified claims spread online.

Many users shared screenshots and dramatic allegations before any independent verification took place. Some accounts even exaggerated the incident by claiming that “all CBSE student records were leaked,” despite no official evidence supporting that assertion.

Fact-checkers monitoring the story noted that misinformation linked to examinations and results often spreads quickly because students are highly anxious about academic processes.

Digital literacy experts say the incident demonstrates why users must verify sources before amplifying sensational claims.

Political and public reactions

The controversy has also drawn reactions from student groups and online activists demanding stronger transparency from education authorities.

Some users criticised CBSE for not issuing an immediate public clarification, arguing that silence fuelled speculation. Others defended the board, saying premature statements during technical verification could worsen confusion.

Meanwhile, cybersecurity professionals used the incident to call for independent audits of educational portals and stronger data protection frameworks.

India currently lacks a deeply institutionalised cybersecurity structure across many educational platforms, especially at state and district levels.

What happens next

Whether the incident turns out to be a genuine cyber intrusion, an exaggerated claim, or a case of limited unauthorised access, investigators are expected to examine server logs, access records, and network activity in detail.

If vulnerabilities are identified, authorities may push for stricter authentication systems and enhanced monitoring across education platforms.

For now, officials continue to urge students and parents not to panic or trust unverified claims circulating on social media.

The controversy surrounding Nisarga Adhikary and the CBSE OSM portal may eventually fade, but the larger questions it raised about India’s digital education infrastructure are unlikely to disappear anytime soon.