"NEET PG 2025 Data Breach: Over 1.3 Lakh Medical Aspirants’ Personal Information Sold Online, Raising Serious Privacy and Security Concerns"

Spread the Message

Read Time:4 Minute, 22 Second

The recent alleged massive data breach involving NEET PG 2025 student information has caused significant concern among medical students, healthcare professionals, and authorities in India. This incident reportedly involves the personal details of approximately 1.38 lakh candidates being leaked and sold online for as low as Rs 3,599, exposing sensitive information such as names, phone numbers, email addresses, roll numbers, ranks, and scores. The controversy arrives amid ongoing legal proceedings and operational delays in the NEET PG admissions process, intensifying the distress of affected students.

Key Details of the Breach

Reports first surfaced when multiple online listings and Telegram channels advertised NEET PG 2025 student databases as digital products for sale. These listings include sample data showing detailed information of about 200 students, with full datasets ranging in price from Rs 3,000 to Rs 8,500. The leaked data reportedly covers personally identifiable information (PII) such as candidate names, their fathers’ names, contact information, application IDs, scores, and ranks. Random checks confirmed with students that the leaked phone numbers and other data points were accurate, but many candidates were unaware of how their data was compromised.

Candidates have complained about receiving unsolicited calls and messages from admission counselors offering MD or MS seats through unofficial routes outside the Medical Counselling Committee (MCC) and National Board of Examinations in Medical Sciences (NBEMS) processes. This has raised suspicions that the leak has been exploited for unethical counseling and seat-selling scams. Social media platforms like X (formerly Twitter) and Reddit have amplified student grievances, demanding accountability and stronger data protection measures.

Institutional Responses

The NBEMS, which conducts the NEET PG exam and declares results, has denied direct responsibility for the leak. NBEMS officials explained that after exam results are declared, student data is transferred in password-protected pen drives to the MCC for All India Quota counseling and to state authorities for state quota counseling. Passwords are sent separately in sealed envelopes. The official noted that potential data leaks could have occurred at any stage beyond NBEMS’s control, highlighting vulnerabilities downstream in the handling and distribution of candidate data between multiple agencies.

Expert Commentary

Dr. Vibhor Gupta, founder of The Medical Bulletin, expressed deep concern over the breach, stating: “It’s deeply unfortunate that the personal data of 1,38,456 NEET PG aspirants has reportedly been leaked and sold online for just ₹3,599. The public display of sample data to attract buyers shows clear negligence and exploitation.”

A medical student, Abhishek Ranjan, criticized the National Medical Commission (NMC) and involved IT providers for failing to protect candidates’ privacy, emphasizing this breach as a “criminal betrayal of trust.”

Context and Background

NEET PG serves as the gateway for admission to postgraduate medical courses across India, making the confidentiality and integrity of candidate data paramount. The exam has faced multiple challenges in recent years, including cancellations and Supreme Court hearings. This latest controversy surrounding data privacy underscores systemic weaknesses in information security within medical education administration.

The sharing of sensitive data among multiple bodies such as NBEMS, MCC, and state authorities, necessary for the counselling process, raises the risk of leaks at any handling point. Cybersecurity experts caution about the pervasive risk posed by distributed data handling and the need for stringent end-to-end encryption and access controls.

Public Health Implications

Beyond individual privacy invasion, the breach threatens trust in the medical education system and may discourage aspirants from participating fully or candidly. The misuse of leaked data for unauthorized counseling creates unfair access barriers, undermining merit-based admissions critical for healthcare quality and equity.

It also highlights the imperative for urgent reforms in data governance policies by medical authorities, ensuring robust cybersecurity frameworks and transparent accountability mechanisms to safeguard personal data of future medical professionals.

Limitations and Counterarguments

NBEMS has pointed out that the leak likely did not originate from within their direct control. The multiplicity of data-sharing points complicates pinpointing exact breach sources. Authorities argue that data transfer protocols utilize protection measures, though they admit no system is entirely immune.

Critics highlight insufficient transparency from responsible bodies on breach investigations and lack of timely communication with affected candidates. Some suggest the leak may also involve external cyberattacks or insider threats, aspects currently under investigation.

Practical Takeaways for Readers

Students should be vigilant about unsolicited counseling offers and verify seat-related information only through official MCC or NBEMS portals.
Candidates must regularly update passwords and be cautious of phishing attempts leveraging leaked information.
Healthcare institutions need to prioritize cybersecurity investments and training for personnel managing sensitive data.
Public awareness about digital privacy rights and legal recourses in case of data breaches should be enhanced.

Medical Disclaimer

Medical Disclaimer: This article is for informational purposes only and should not be considered medical advice. Always consult with qualified healthcare professionals before making any health-related decisions or changes to your treatment plan. The information presented here is based on current research and expert opinions, which may evolve as new evidence emerges.