The Company That Caused 23 Deaths, Rebranded, and Won India's Largest Exam Contract

The company that received India's largest school examination contract is the same company whose software failure was linked to 23 student suicides in Telangana. It simply changed its name.

Documentary evidence from the Ministry of Corporate Affairs establishes an unbroken corporate continuity between the entity responsible for that 2019 catastrophe and the vendor currently managing the CBSE On-Screen Marking system for the 2025-26 academic year. Corporate filings confirm that the entity operating under Corporate Identification Number U72200TG2000PTC034224 was originally incorporated on April 11, 2000. Over 26 years, this single legal entity has operated under three names: Globarena Technologies Private Limited, Globarena iTeknowledge Private Limited, and currently, Coempt Edu Teck Private Limited. Throughout these renamings, the registered address has never moved — Plot No. 8-3-224/4/C, F-28, Madhuranagar, Yousufguda, Hyderabad, Telangana, 500038.

Director history confirms this continuity further. Anantha Madabhushini Chary (DIN 00005042) was appointed to the board on July 3, 2000, and remains Managing Director today. CEO Suryanarayana Vuyyuri Raju (DIN 08754819) co-manages the firm alongside three other directors. The firm's paid-up capital stands at ₹20 crore against an authorized capital of ₹25 crore — a modest balance sheet for the manager of a national examination infrastructure serving 17 lakh students.

The historical record of this entity is defined by what happened in Telangana in 2019. Operating as Globarena Technologies, the company was awarded a ₹4.35 crore project to process examination results for approximately 8.7 lakh intermediate students. The deployment of their software resulted in catastrophic data corruption: over 3.8 lakh students received incorrect results. Students were marked absent despite having appeared. Others received zeros, or marks with impossible totals. The widespread collapse triggered immense public distress, and 23 students died by suicide across the state.

The Telangana government constituted a three-member expert committee comprising senior officials from Telangana State Technology Services, BITS Hyderabad, and IIT Hyderabad. The committee submitted its findings on April 26, 2019, documenting what it called "systemic failure, procedural collapse, and glaring negligence." The findings were damning in their specificity. Globarena Technologies had never signed a formal contract with the Telangana State Board of Intermediate Education — the entire high-stakes operation ran on nothing more than a basic work order. Critical software faults had appeared as early as October 2018, nearly six months before results were declared, yet the vendor's responses to warnings were deemed "unsatisfactory." The committee called the deployment without adequate testing "the biggest mistake in the entire process."

Technical errors were systematic and highly specific. In 531 cases, practical marks for Geography students disappeared entirely. In 496 cases, students received a printed error code "AP" where numerical marks should have appeared. Some 4,288 students in the MEC stream — Mathematics, Economics, and Commerce — had their grades erroneously truncated to single digits. The TSBIE's own electronic data processing monitoring team had been inexplicably disbanded months before results day, leaving the entire software development life cycle unmonitored by the state.

Despite these conclusive findings of gross negligence, the Telangana government never formally initiated blacklisting proceedings. The entity rebranded from Globarena Technologies to Coempt Edu Teck exactly six months after the crisis. This calculated corporate sanitization allowed the firm to bypass standard procurement restrictions, subsequently securing contracts with JNTU Hyderabad in 2023 and, ultimately, the national CBSE contract in 2025.

The procurement process governing this contract was defined by an irregular, rapid-fire tendering cycle that ran from February to August 2025. The CBSE floated, cancelled, and re-floated the requirement three times until a specific vendor profile could navigate the evaluation criteria successfully.

The first tender appeared on the Central Public Procurement Portal on February 4, 2025. Shortly after its issuance, it was entirely wiped from both the Government e-Marketplace and the CPPP public archives. Government procurement mandates under GFR 2017 require a strict administrative audit trail for any such deletion — making its complete archival erasure deeply irregular. No official explanation has been provided for its disappearance.

The second tender (Tender ID: 2025_MHRD_858645_1) was issued on May 2, 2025. It established rigid technical specifications and stringent quality-control benchmarks. Four vendors submitted bids, including Tata Consultancy Services, Coempt Edu Teck, and Xlict Software. During the technical evaluation phase, all four bidders failed to meet the specifications. The tender was cancelled outright.

Here was the critical decision point. Rather than maintaining the high technical bar and seeking more capable enterprise-grade vendors, the CBSE issued a third tender (Tender ID: 2025_MHRD_875046_1) on August 28, 2025, systematically diluting the qualification framework.

Under the Quality and Cost Based Selection method stipulated by the tender, technical scores carried a 70% weightage and financial bids 30%. By undercutting TCS by nearly 60% — bidding ₹38.46 crore against TCS's ₹95.13 crore — Coempt secured the maximum financial score. The combined scoring produced a contract award that sent 9.86 million Class 12 answer books, and the academic futures of 17 lakh students, to a company whose bid was essentially built on rented servers and borrowed credibility.

The timeline of this award engineered a severe operational risk. By finalising the commercial bid in late November and awarding the contract on December 5, the CBSE granted Coempt just 74 days before the commencement of board examinations in February 2026. Standard enterprise onboarding for secure digital infrastructure serving millions of users — involving architecture design, penetration testing, mock runs, and phased deployment — requires a minimum of six to eight months. The board knowingly forced a rushed deployment.

A forensic textual comparison between the cancelled second tender and the awarded third tender reveals eight precise, highly specific alterations to the evaluation criteria. Each modification diluted a quality standard. Every single one directly benefited Coempt Edu Teck.

Each of these changes, taken individually, might be explained as a market-driven adjustment. Taken together — eight coordinated modifications, each benefiting the same vendor, issued between two consecutive tenders after the first failed — they read differently. By shifting the language from "blacklisted earlier" to "currently blacklisted," the drafting committee carved out a precise safe harbor for a firm that had escaped formal debarment only through Telangana's administrative failure. By dropping the CMMI Level 5 requirement, the board signalled its willingness to accept inferior software engineering for a system managing the academic data of millions of minors. By deleting physical data centre ownership requirements, it allowed a cloud systems integrator effectively renting server space to outscore the country's largest IT services exporter on technical infrastructure.

Three weeks before the final bid submission deadline, the CBSE issued a corrigendum — and quietly removed the government's most powerful enforcement tool from the contract.

The original August 28 tender document, under its section on penalties for "Other Mistakes" — covering systemic software failures, massive security breaches, data corruption, or continuous operational delays — explicitly granted the CBSE the authority to both financially penalize and formally blacklist the vendor. The September 20, 2025 corrigendum struck the word "Blacklisting" from the penalty clause entirely.

The revised clause read simply: "If any of the mistakes from 'Other Mistakes' is repeated by the bidder, then CBSE reserves the right for forfeiture for Security Deposit, and Termination of contract."

This documentary evidence confirms that the CBSE voluntarily stripped itself of its most powerful regulatory weapon against vendor malfeasance weeks before awarding the contract to a company with a documented history of examination disasters. While cascading financial penalties remained intact — including a ₹1 lakh fine for every 15-minute delay in rectifying a helpdesk-flagged issue — the removal of debarment power ensured that Coempt Edu Teck would not face a national ban on future public contracts regardless of how catastrophic the OSM platform's failure proved to be in production.

The legal implications under GFR 2017 are severe. Rule 151 explicitly grants ministries the right to debar vendors for breach of contract or poor performance. By removing this clause from the mutually agreed contract language, the CBSE severely hampered the government's legal standing to enforce a ban during subsequent arbitration or judicial review. This was not an oversight in legal drafting — it was a pre-emptive act of insulation. The question of who approved this corrigendum at the Ministry of Education level, and why no senior official questioned the voluntary surrender of such authority, remains unanswered.

The Onmark platform's security vulnerabilities were not subtle. They were elementary. What made them extraordinary was that a 19-year-old independent researcher found them — and the CBSE's own systems had not.

Nisarga Adhikary documented, with irrefutable technical evidence, that Coempt's cloud storage infrastructure for the 2026 scanned answer sheets was left entirely open to the public internet. The company had used Amazon Web Services S3 buckets to house the scanned answer scripts and question papers. These buckets were improperly configured with ListObjectsV2 permissions enabled without any authentication requirements — meaning anyone with an internet connection could enumerate, paginate, and download the examination materials of millions of students across multiple institutions.

The contract between CBSE and Coempt mandated a CERT-In certified Vulnerability Assessment and Penetration Testing report prior to the Go-Live date, requiring documented closure of identified security gaps. The public record does not establish whether Coempt submitted a falsified VAPT report, or whether the CBSE waived the requirement entirely to meet the rushed 74-day deployment deadline. Both scenarios represent a catastrophic failure of institutional oversight. The Ministry of Electronics and Information Technology must answer how a MeitY-empaneled cloud environment was permitted to host an application containing hardcoded master passwords in a live national production environment.

The physical digitisation of 9.86 million bound answer scripts is the critical first step of any On-Screen Marking system. If the initial scan is illegible, the entire digital evaluation chain fails.

The second tender had been clear about this. Scanning must be executed using "automatic book/robotic scanners" capable of digitising pages without cutting the binding spines of the booklets — a standard, non-destructive method for handling large volumes of bound examination material. The revised third tender deleted this precise technical specification entirely. It replaced it with a vague, unquantifiable requirement for the vendor to deploy "sufficient scanners." What counted as sufficient was left undefined.

The practical consequence manifested immediately. Students who requested copies of their scanned answer scripts reported receiving severely blurred images, missing pages, and skewed text that rendered documents completely illegible. Digital forensic analysis and EXIF metadata observation of returned PDFs indicated that at various regional centres, scanning operators had resorted to using standard flatbed scanners or — in documented cases — mobile phone cameras to photograph the booklets rather than deploying enterprise-grade robotic OCR hardware. An internal memo from the Ranchi CBSE Regional Office, which merely requested duplex 60 ppm and 300 DPI scanners, demonstrates how far the operational reality had drifted from any professional standard.

The penalty architecture of the new tender explains why this happened. The original tender imposed granular quality penalties: ₹4,000 for wrong scanning, ₹8,000 for partial or merged scanning, ₹15,000 for completely unscanned books, anchored by a strict error rate threshold of 0.5%. The revised tender deleted the mathematical error rate and replaced these quality penalties with bulk, time-based delay penalties of ₹50,000 per working day. The incentive structure had been precisely inverted: speed over accuracy. Vendors facing massive daily fines for lateness had every financial reason to rush, regardless of image quality. The answer sheets photographed on mobile phones were the logical — and foreseeable — result.

As the On-Screen Marking system began failing in live environments, thousands of teachers and evaluators faced constant portal crashes, illegible script scans, and missing pages. When they turned to social media to report these failures and seek technical assistance, the board responded not with technical support, but with a formal circular threatening disciplinary action.

On March 16, 2026, Dr. Sanyam Bhardwaj, Controller of Examinations, issued Advisory 2 (Ref: CBSE/SPPS/OSM): "Advisory to Teachers Involved in Evaluation — Refrain from Sharing Misleading Information on Social Media."

The circular framed every evaluator's first-hand account of a failing portal as a "rumour." Technical grievances about illegible scans and missing pages were classified as "misleading information." The CBSE, faced with a catastrophic vendor failure, deployed an authoritarian gag order against its own workforce rather than addressing the systemic collapse the workforce was experiencing and reporting.

By threatening legal and disciplinary action against evaluators who exposed the platform's flaws, the CBSE leadership actively suppressed evidence of contractual breaches committed by Coempt Edu Teck — making the board complicit in the vendor's failure to deliver a functional product. The public record does not establish how many teachers were formally subjected to disciplinary action, or whether show-cause notices were issued. Those records lie within the CBSE Human Resources and Disciplinary committees, and the Department of School Education must answer whether the Ministry sanctioned the use of administrative threats to silence public servants reporting software failures of this severity.

The IDOR vulnerability documented by Nisarga Adhikary was not simply a privacy breach. It was an attack vector into the marking system itself. The researcher demonstrated that an attacker — using only a browser's developer tools — could modify sessionStorage values, log in as any specific evaluator, navigate internal routes, and theoretically manipulate grades before they were locked by the system. Server-side authentication did not catch this because server-side validation did not meaningfully exist for these pathways.

This places every mark awarded on the Onmark platform in a legally and mathematically ambiguous position.

The national pass percentage for the 2026 Class 12 examinations plunged to 85.20%, the lowest recorded in seven years. The CBSE was flooded with 2.94 lakh applications for the re-evaluation of 8.56 lakh answer books — more than twice the previous year's volume. As students rushed to verify their grades, the CBSE's own payment system for re-evaluation collapsed, deducting additional charges in some cases and failing to register others.

The legal implications are unprecedented in Indian public education. If the cryptographic controls and unalterable audit logs — which should track every keystroke, grade alteration, IP address, and timestamp — are not demonstrably robust, the CBSE cannot legally certify that the final marks awarded to the 17 lakh students were not tampered with. The severity of the crisis prompted a Parliamentary Standing Committee on Education, Women, Children, Youth, and Sports, chaired by Congress MP Digvijaya Singh, to summon student whistleblower Sarthak Sidhant — a 17-year-old — to present his findings directly.

CERT-In and the S. Radha Chauhan committee must extract Coempt's database logs, audit the change history, and publicly verify the cryptographic integrity of every result. Until that verification is published, these examination results carry a question mark that no student — many of whom are now applying to universities — should have to carry with them.

The question of how Coempt Edu Teck was able to undercut TCS by nearly 60% is answered, in part, by looking at what Coempt actually owns. The answer is: very little.

The original Request for Proposal was weighted precisely to reward vendors with physical sovereign infrastructure. Twenty marks went to vendors owning Tier 3 Primary and Secondary Data Centres. Only ten marks went to third-party cloud hosting. Vendors were required to own the complete source code of their platforms. These requirements existed for a reason: when a national examination system fails, the government needs immediate control over the infrastructure, the data, and the codebase.

The revised tender deleted all of these requirements. MeitY-empaneled cloud hosting — AWS, Azure — became fully acceptable. The source code ownership clause disappeared. Coempt, which lists 51 to 200 employees on LinkedIn and reported latest revenues of ₹68 crore, was now evaluated on the same terms as TCS: a company with over 5.8 lakh employees, ₹267,021 crore in revenue, and vast fully-owned sovereign infrastructure spanning multiple countries.

Coempt won because it spent less. A company that rents its servers, depends on third-party frameworks, and has no physical data centre overhead will always underbid a company that owns and maintains physical infrastructure. But the 60% cost differential does not represent a more efficient solution — it represents the cost of outsourcing risk onto the government and onto the students whose data now sits on rented AWS buckets that were left publicly accessible.

Coempt's ability to clear the ₹50 crore turnover threshold by a margin of 1.7% — submitting an exact three-year average of ₹50.86 crore — raises the further question of whether these figures were precisely calibrated to the threshold. The Comptroller and Auditor General must audit whether CBSE awarded a ₹38.46 crore national contract to what is, in infrastructural terms, a lightweight systems integrator operating primarily on rented capacity.

The CBSE OSM controversy is not an isolated anomaly. It is the culmination of a documented, systemic pattern spanning multiple states and seven years. The institutional trail is verified by public and judicial records.

An internal CBSE observation report, generated after a dry run at five Delhi schools in January 2026, had flagged exactly 36 critical technical and operational concerns. The report warned explicitly of risks regarding "blind or superficial checking," weakened supervisory oversight, the absence of data loss safeguards, and the inability of evaluators to reach consensus on marks. Despite 36 documented red flags — produced by the CBSE's own observation team — the leadership proceeded with the national rollout.

This pattern reveals a systemic failure that is institutional, not accidental. It relies on isolated bureaucratic silos — each state and institution conducting its own procurement without reference to a centralised debarment registry — allowing a tainted vendor to rebrand, suppress criminal petitions, and leapfrog from state-level disasters to national-level contracts. India currently operates no national blacklisting registry for education technology vendors that would make a Telangana committee report visible to a CBSE procurement officer in Delhi. Until it does, the conditions that enabled this crisis remain fully intact.

The Chauhan committee has one month. The 17 lakh students waiting for answers about the integrity of their results have already been waiting too long.