Cyber Incident Victim: Indian Institute of Management Ahmedabad

The Indian Institute of Management Ahmedabad (IIM-A) experienced a cybersecurity incident involving its official CAT examination website, iimcat.ac.in, following the administration of the Common Admission Test (CAT) 2015 on November 29, 2015. Hackers breached the institute’s systems and publicly disclosed the results of approximately 200,000 candidates who had taken the high-stakes entrance exam. The compromised data included merit cutoff scores, which are critical for determining eligibility for admission to IIM and other top-tier business schools in India. This unauthorized release occurred before the official results announcement, undermining the integrity of the examination process. The CAT exam is a nationally significant assessment, attracting hundreds of thousands of aspirants annually, with outcomes directly influencing admissions to prestigious management programs. The breach exposed sensitive candidate performance data, creating immediate concerns about fairness and confidentiality.

The leak of CAT 2015 results represented a significant compromise of academic and personal information, potentially enabling misuse of candidate records. No technical details regarding the attack vector or IIM-A’s internal detection mechanisms were disclosed in available reports. The institute faced reputational damage due to the breach of its examination portal, which is entrusted with safeguarding critical admission-related data. The incident highlighted vulnerabilities in the administration of high-profile academic assessments, though no specific containment measures or forensic responses by IIM-A were documented in the source material. Consequences included loss of stakeholder trust and unauthorized access to merit-based cutoff information, which could influence admission dynamics. The breach’s timing—weeks after the exam but before official result declarations—amplified its disruptive impact on candidates and participating institutions.