The Indian Institute of Technology Roorkee (IIT Roorkee), one of India’s most prestigious engineering institutions, is facing serious scrutiny after a massive data breach compromised the personal information of more than 30,000 students and alumni. The exposed data reportedly included names, mobile numbers, caste categories, financial backgrounds, email addresses, and graduation details. According to initial reports, the breach originated from records maintained by the academic affairs department, which were left openly accessible on a public-facing website for years.

The vulnerability was alarmingly simple to exploit — anyone with access to a student’s enrollment number could retrieve an array of personal details directly from the site. Cybersecurity experts have called this a fundamental flaw in the website’s security architecture, with evidence suggesting the sensitive database may have been publicly accessible for over a decade. This prolonged exposure has sparked fears that the compromised information may have been misused for unknown purposes.

IIT Roorkee officials have confirmed the launch of an internal cybersecurity investigation. Deputy Director U.P. Singh stated that the matter has been referred to the Deans of Academic Affairs and Student Welfare for urgent action. However, the institute has withheld the identities of affected individuals, citing the ongoing inquiry. Officials noted that the data appears to have been accessed and possibly shared from an unknown location, further complicating the investigation.

Founded in 1847 as the Thomason College of Civil Engineering, IIT Roorkee has long been celebrated as a hub of engineering excellence in India. This incident, however, serves as a wake-up call for data security in higher education. Experts stress the urgent need for regular security audits, strong encryption protocols, and strict access controls to safeguard sensitive academic records in an era where cyberattacks and data leaks are increasingly common.