CUET-2026 data for sale: Personal details of 1.5 million candidates sold online

New Delhi: Recent reports have highlighted a growing concern regarding the security of student information in India, as numerous websites have been identified selling databases containing the personal details of candidates who appeared for major national examinations, including the Common University Entrance Test (CUET).
According to a Hindustan Times report, portals such as studentdataprovider.com and studentsdatabases.com are openly marketing registries of students to universities and admission consultants. These databases are reportedly priced between ₹1,000 and ₹10,000, with one listing specifically advertising a "CUET-2026 Exam Database" containing over 1.5 million candidate records. The compromised information allegedly includes application numbers, names, mobile numbers, email addresses, dates of birth, and quota categories.
The sale of such data has sparked significant alarm among privacy advocates and cybersecurity experts. Dhruv Garg, a partner at the Indian Governance and Policy Project (IGAP), stated in the Hindustan Times report that student information collected for examinations should not be treated as "a tradable commodity for marketing." He further noted that if the data were obtained through unauthorised access or leaks from examination bodies, vendors, or coaching platforms, it could trigger legal provisions under India's Information Technology (IT) Act.
This development arrives as the Digital Personal Data Protection (DPDP) Act is being phased in. Under this framework, personal data is intended to be processed only for the specific purpose for which it was collected, generally requiring explicit individual consent. Violations of the Act can attract substantial penalties, reaching up to ₹250 crore.
Many students whose details have surfaced in these databases have reported receiving a surge of unsolicited marketing calls from private educational institutions. While the source of the leaks remains under investigation, industry experts like Maheshwer Peri, founder of Career360, have suggested that the availability of such specific data at low price points points to a systemic issue involving potential collusion or inadequate security protocols within the broader educational data economy, as noted by India Today.
For its part, the National Testing Agency (NTA) has maintained that it prioritises candidate privacy. The agency has stated that result and credential sharing with universities is conducted through secure, consent-based application programming interfaces (APIs) via official government platforms like DigiLocker and the National Academic Depository (NAD).
As the debate intensifies, stakeholders are calling for independent forensic investigations to determine whether these databases are the result of cybersecurity failures or insider compromises, urging that student data security be treated with the same level of scrutiny as examination integrity.