One critical vulnerability, among many discovered by a researcher, could have allowed anyone to walk in and take over a national government portal.

June 29, 2026

An independent security researcher identified 14 vulnerabilities affecting Indian government IT systems, which put an array of citizen data at risk.

Two of the issues qualified as critical severity, and four as high severity. They affected major national platforms, including education and civil service portals used by millions of students and job aspirants, exposing highly sensitive personally identifying information (PII) like birthdays, addresses, and bank account numbers.

Thankfully, the government of the world's largest country listened to the young researcher and patched all of the vulnerabilities in two to three weeks' time.