A highly alarming situation has emerged in India concerning the data security of millions of students who take national entrance tests (such as CUET) and school examinations. Extremely confidential and personal information of these students is actively being sold through various websites on the internet.
Commercialization of Student Data
According to an NDTV English report, over half a dozen websites, including studentdataprovider.com, studentsdatabases.com, and studentdatahub.com, are openly selling this data to private universities, colleges, and admission consultants for client acquisition and lead generation purposes.
Price and Content of the Leak
It should be noted that the cost of this entire dataset ranges from 1000 to 10,000 rupees, depending on the volume and demographic filters (such as state, city, category). The website studentdataprovider.com features an advertisement for a 'CUET-2026 exam database,' which allegedly contains information on more than 1.5 million candidates.
The leaked information includes sensitive details such as student registration number, name, mobile phone number, email address, parents' names, date of birth (DOB), gender, and quota categories. As proof, the report states that the website provided data for 500 participants who took the Common University Entrance Test (CUET-UG) 2026 for free. It should be recalled that the National Testing Agency (NTA) conducted this exam from May 13 to June 3, and results were only announced on July 4.
Risks and Legislation
The open sale of student data directly contradicts the principles of the Digital Personal Data Protection Act (DPDP Act), which is being phased in across the country. This strict law, approved by the President in August 2023, stipulates fines of up to 250 million rupees for data privacy violations. However, the deadline for organizations to implement core compliance rules has been extended until May 2027, which hackers and websites may be exploiting.
Position of the National Testing Agency
The National Testing Agency (NTA) has stated that protecting candidates' personal information is their highest priority. The agency emphasized that the entire process of exchanging credentials and results with universities occurs in a secure, consent-based manner and is carried out through government platforms such as DigiLocker, National Academic Depository (NAD), and API Setu.
