New Delhi: The Indian Institute of Technology (IIT)-Roorkee on Friday dismissed claims of a data breach and privacy violation affecting lakhs of JEE (Advanced) aspirants as "misleading and factually incorrect", asserting that no sensitive information was compromised or mass-extracted following a temporary cloud-storage misconfiguration.

The Ministry of Education also rejected reports of a data breach and privacy violations involving JEE (Advanced) candidates.

"There have been several misleading and factually incorrect reports regarding data breach and privacy violations with respect to students who took JEE (Advanced) examination," the ministry said in a post on X.

"As per the clarification issued by @iitroorkee the Ministry reiterates that no sensitive information was compromised, and the examination outcomes, marks, and candidate information remain completely secure, intact, and safe," it added.

IIT-Roorkee, which conducted the engineering entrance examination this year, said information circulating on social media did not accurately reflect what had happened and alleged attempts to spread misinformation.

"Claims of a data breach and privacy violation affecting lakhs of JEE (Advanced) aspirants are misleading and factually incorrect. The information circulating on social media is misleading and does not accurately reflect what happened. There is an attempt at spreading misinformation, which is far from the truth," the institute said in a series of posts on X.

According to the institute, certain technical interventions were undertaken on an expedited basis on June 2 to assist candidates facing difficulties in accessing admit-card data and to ensure the smooth functioning of the registration process.

It said these interventions resulted in a "minimal, temporary misconfiguration" in a cloud-storage component that was identified and reported by ethical hacker Rylen Anil.

"An ethical hacker, Mr Rylen Anil, identified this misconfiguration and reported that he could access the concerned database. The issue was immediately rectified, and access to the data was restricted," IIT-Roorkee said.

The institute said the affected storage was "read only", meaning no data could be edited or deleted, and that an analysis of cloud-access logs confirmed no bulk download had occurred.

"The affected storage was read-only, meaning no data could be edited or deleted. An analysis of cloud access logs confirmed that no bulk download occurred (the read-only access was limited to less than 0.05 per cent of the data)," it said.

The institute further asserted that "no sensitive information was compromised or mass-extracted" and that the incident had "zero impact on examination outcomes, including marks, ranks, and category of the candidates".

Reaffirming its commitment to maintaining the integrity, security and transparency of the JEE (Advanced) and Joint Seat Allocation Authority (JoSAA) counselling processes, IIT-Roorkee said, "Deliberate attempts to misrepresent this technical event and undermine public trust in the examination system are deeply concerning and should be discouraged."

"The JEE (Advanced) team looks forward to supporting every aspirant through a smooth and secure admission process into IITs and IISc," it added.

Earlier, IIT-Roorkee had acknowledged a cloud-storage configuration issue after 16-year-old cybersecurity researcher Rylen Anil claimed that personal and examination details of lakhs of students were accessible without authentication through a public cloud-storage endpoint linked to the JEE (Advanced) 2026 results portal.

On Tuesday, the institute said the data was stored in read-only mode with no possibility of alteration and that corrective measures were being taken on priority.

The JEE (Advanced) examination is the gateway for admission to undergraduate programmes in the IITs and several other premier engineering institutions across the country.