New Delhi: Claims of a data breach and privacy violation affecting lakhs of JEE (Advanced) aspirants are "misleading and factually incorrect", IIT Roorkee said on Friday, asserting that no sensitive information was compromised or mass-extracted following a temporary cloud storage misconfiguration.Indian Institute of Technology, Roorkee, which conducted the exam this year, said that the information circulating on social media "does not accurately reflect what happened" and alleged an attempt to spread misinformation.The JEE (Advanced) is the gateway for admission to undergraduate programmes at the Indian Institutes of Technology (IITs) and several other premier engineering institutions across the country.Read More: After CBSE and NTA row, JEE Advanced 2026 data exposure claim by a Dubai-based researcher sparks security debate, institute responds"Claims of a data breach and privacy violation affecting lakhs of JEE (Advanced) aspirants are misleading and factually incorrect. The information circulating on social media is misleading and does not accurately reflect what happened. There is an attempt at spreading misinformation, which is far from the truth," IIT Roorkee said in a series of posts on X.According to the institute, certain technical interventions were undertaken on an expedited basis on June 2 to assist candidates facing difficulties in accessing admit card data and to ensure the smooth functioning of the registration process.Claims of a data breach and privacy violation affecting lakhs of JEE (Advanced) aspirants are misleading and factually incorrect.The information circulating on social media is misleading and does not accurately reflect what happened. There is an attempt at spreading…— IIT Roorkee (@iitroorkee) June 5, 2026 It further said these interventions resulted in a "minimal, temporary misconfiguration" in a cloud storage component, which was identified and reported by ethical hacker Rylen Anil."An ethical hacker, Mr Rylen Anil, identified this misconfiguration and reported that he could access the concerned database. The issue was immediately rectified, and access to the data was restricted," the institute said.The affected storage was "read only", meaning no data could be edited or deleted, IIT Roorkee said, adding that an analysis of cloud access logs confirmed that no bulk download had occurred."The affected storage was read-only, meaning no data could be edited or deleted. An analysis of cloud access logs confirmed that no bulk download occurred (the read-only access was limited to less than 0.05 per cent of the data)," it said.The institute further asserted that "no sensitive information was compromised or mass-extracted" and that the incident had "zero impact on examination outcomes, including marks, ranks, and category of the candidates".Reaffirming its commitment to the examination process, IIT Roorkee said it remains fully committed to maintaining the integrity, security and transparency of the JEE (Advanced) and JoSAA counselling processes."Deliberate attempts to misrepresent this technical event and undermine public trust in the examination system are deeply concerning and should be discouraged," it said.Read More: Sarthak, who uncovered CBSE-OSM irregularities, shares a message for CJP and Abhijeet Dipke ahead of June 6 protest"The JEE (Advanced) team looks forward to supporting every aspirant through a smooth and secure admission process into IITs and IISc," it added.Earlier, IIT-Roorkee had confirmed that the JEE (Advanced) 2026 results portal faced a cloud storage configuration issue after a teenager, who identifies as a cybersecurity researcher, claimed that personal and examination details of lakhs of students were accessible without authorisation.The response from IIT-Roorkee, which conducted the exam this year, came after the cybersecurity researcher, 16-year-old Rylen Anil, took to X, claiming that the public cloud storage endpoint of the result portal was accessible without authentication, exposing bulk candidate data.On Tuesday night, the institute said the data stored was in read-only mode, with no possibility of record alteration and added that the issue was being addressed on priority.