NEET PG 2025 Data Breach Scandal: Candidates' Personal Details Sold Online for ₹3,599 Amid Official Probe

Spread the Message

Read Time:6 Minute, 45 Second

NEET PG 2025 aspirants are at the centre of a growing data privacy storm after multiple reports alleged that detailed personal and exam-related information of candidates is being openly marketed and sold online through websites and Telegram channels. The National Board of Examinations in Medical Sciences (NBEMS) has submitted a report to the Union Health Ministry and maintains that the breach did not occur at its level, while investigations into the source and scale of the alleged leak remain ongoing.

What happened and who is affected

Several NEET PG 2025 candidates have alleged that their names, contact numbers, email IDs, roll numbers, application IDs, cities, states, scores, ranks, and even parents’ details are being packaged and sold as “NEET PG 2025 Student Database” on online portals and messaging platforms. Media reports describe sample files showing data for around 200–201 candidates, with full databases marketed for prices typically ranging from about ₹3,000 to ₹8,500, and in some cases quoted at ₹3,599 or even ₹7,000–₹10,000 after negotiation.

Candidates have reported receiving unsolicited calls and messages from admission agents and private counsellors offering to secure MD or MS seats outside the official counselling system, raising suspicions that their contact information has been misused. Many aspirants state they never consented to their information being shared for marketing or admissions brokerage and say the episode represents a serious breach of trust in national-level examination systems.

How the alleged data sale works

Education and news portals that accessed the listings describe them as commercial products marketed with promotional language such as a “ready-to-use medical student directory… tailor-made for outreach, admissions, analytics, or marketing campaigns”. Sellers advertise that datasets include names, contact details, category, rank, score, and location for “every NEET PG aspirant of 2025”, presented as structured spreadsheets that can be downloaded instantly after payment.

Some portals and Telegram channel operators reportedly share a small “sample” – for example, lists of 100–200 candidates – to demonstrate authenticity before demanding payment for the full dataset. When journalists and students cross-checked select entries by calling candidates whose numbers appeared in these samples, those individuals confirmed they had indeed appeared for NEET PG 2025 and recognised their own details, though many were unaware such lists existed.

Official response and ongoing probe

In response to public outcry, NBEMS has submitted a report on the alleged leak to the Union Health Ministry, and officials say the matter is under scrutiny. NBEMS representatives have stated that the data circulating online appears to include details only of qualified candidates and argue that this suggests any leak may have occurred “further down the chain”, after data was handed over to counselling authorities.

NBEMS has maintained that it securely transfers candidate data to the Medical Counselling Committee (MCC) and that the examination data is handled through a government-empanelled technology partner, with firms such as Tata Consultancy Services managing online applications and scorecard publication. Officials say the architecture includes role-based access with a limited number of authorised personnel and claim there is no direct provision for bulk data retrieval in a way that matches what is being circulated, although these assertions have not yet been independently verified.

Why this matters for health and public trust

NEET PG is the national gateway to postgraduate medical seats in India, and any compromise of its processes has implications that go far beyond an exam season controversy. If candidate data is indeed being commercialised, it risks:

Eroding trust in high-stakes health education examinations, which are foundational to building the future healthcare workforce.
Normalising direct marketing and admission brokering that can undermine transparent, merit-based counselling processes.
Exposing young doctors and medical aspirants to persistent harassment, fraud attempts, and pressure from unregulated agents during an already stressful phase.

From a broader public health perspective, the credibility of entrance examinations and medical institutions is a key component of confidence in health systems, because society depends on these mechanisms to ensure that specialists are selected fairly and trained rigorously.

Under India’s recently notified Digital Personal Data Protection Act (DPDP), 2023, personal data may lawfully be processed only for specific, clear purposes and generally requires valid consent, especially when used for marketing or profiling. Although NEET PG candidate information is collected for exam and counselling administration, using the same data for commercial outreach or for selling to third parties without consent would conflict with the core principles of purpose limitation and data minimisation that underpin modern privacy law.

India’s health and education regulators have previously emphasised that examination data and health records must be treated as sensitive personal information and handled with strict safeguards, audit trails, and accountability structures. The current controversy highlights how educational databases, which may not be traditionally framed as “health data”, can still have serious consequences for future health professionals if mismanaged.

Expert perspectives on risks to candidates

Cybersecurity and medical education experts warn that databases containing names, contact details, locations, and exam performance can be misused in several ways, even if they do not include financial details. Potential risks include:

Targeted phishing or scam calls that exploit exam stress, such as offers of guaranteed seats, fabricated “verification” processes, or fake counselling portals.
Long-term profiling of young doctors by commercial actors, coaching agencies, or unregulated recruiters without their knowledge or control.

Ethicists also note that selling such lists commodifies candidates as marketing leads rather than treating them as individuals whose data is entrusted to authorities for a limited, clearly defined purpose. For future doctors expected to uphold confidentiality for patients, experiencing a privacy violation early in their own careers can send a deeply contradictory message about the value placed on information protection within health systems.

What NEET PG candidates can do now

While the investigation continues, experts recommend that affected or potentially affected candidates take practical steps to reduce harm and protect themselves from further misuse.

Treat unsolicited calls or messages about NEET PG seats, “backdoor” admissions, or guaranteed college allotments with extreme caution, and avoid sharing additional personal details, documents, or payments over phone or chat.
Use call-blocking features and report suspicious numbers and messages to telecom operators, cybercrime portals, and, where relevant, state cyber cells.
Regularly monitor email accounts and messaging apps for phishing attempts that mimic official authorities and verify all links and communications against official NBEMS and MCC websites before clicking or responding.

Candidates can also consider filing formal complaints with NBEMS, the Health Ministry, or the national cybercrime reporting portal if they believe their information has been misused, as cumulative complaints can strengthen the case for regulatory and legal action.

Broader policy and system implications

The NEET PG 2025 data controversy underscores the need for stronger, sector-specific data governance frameworks in exams and medical education. Policy analysts and digital-rights advocates are calling for:

Clear accountability chains that specify which entity is responsible for data at each stage—from registration to counselling—and mandatory breach notification requirements when any compromise is suspected.
Independent security audits of examination databases and counselling platforms, regular vulnerability assessments, and public reporting of safeguards.
Stricter penalties and enforcement against brokers, companies, or individuals found trading or purchasing such databases, to deter the emergence of a parallel data marketplace.

In the long term, reinforcing data protection measures in entrance exams is not only a technical or legal issue but also a trust-building exercise with future health professionals and the public they will eventually serve. Transparent communication, timely investigations, and visible corrective steps will be crucial in restoring confidence in NEET PG processes and in the institutions that oversee them.

Medical Disclaimer: This article is for informational purposes only and should not be considered medical advice. Always consult with qualified healthcare professionals before making any health-related decisions or changes to your treatment plan. The information presented here is based on current research and expert opinions, which may evolve as new evidence emerges.