NEET Refund Scam: Ahmedabad Cops Arrest Bihar Youth for Hacking Portal to Steal Candidate Fees

The Ahmedabad Cyber Crime Cell has arrested a 19-year-old from Bihar for hacking into the National Testing Agency's NEET UG portal, compromising over 350 accounts and siphoning fee refunds from approximately 150 medical aspirants. The arrest of Navinkumar Shankar Prasad Yadav from Gaya district exposes critical vulnerabilities in India's premier medical entrance examination system and has prompted the NTA to urgently implement two-factor authentication across its portal infrastructure.

NEET Refund Scam: Ahmedabad Police Arrest Bihar Youth for Hacking NTA Portal, Stealing Candidate Refunds

Ahmedabad, Gujarat – June 15, 2026 — In a case that has sent shockwaves through India's medical education establishment, the Ahmedabad Cyber Crime Cell has arrested 19-year-old Navinkumar Shankar Prasad Yadav, a resident of Gaya, Bihar, for systematically hacking into the NEET UG 2026 portal and diverting examination fee refunds into his own bank account. The breach, which affected approximately 150 NEET aspirants out of more than 350 targeted accounts, has forced the National Testing Agency to urgently overhaul its digital security protocols ahead of the NEET-UG 2026 re-examination scheduled for June 21.

The Arrest: How Ahmedabad Police Caught the NEET Portal Hacker

The Ahmedabad Cyber Crime Cell, acting on a specific alert from the National Testing Agency, tracked digital footprints across multiple states before zeroing in on Yadav in Gaya, Bihar. The NTA had detected anomalous activity on the NEET UG portal — repeated login attempts from disparate IP addresses and unauthorized changes to candidate bank account details linked to fee refund processing. The agency immediately escalated the matter to Gujarat Police, who registered a case at the Ahmedabad Cyber Crime police station.

Investigators used digital forensics to trace the unauthorized access attempts back to Yadav, who had been operating from his home in the Gaya district of Bihar, approximately 1,400 kilometres from Ahmedabad. The arrest highlights the interstate nature of cyber crime in India and the growing need for coordination between state police units and central examination authorities. Yadav was taken into custody and charged under relevant sections of the Information Technology Act, 2000, and the Indian Penal Code for hacking, unauthorized access to computer systems, cheating, and criminal breach of trust.

The Ahmedabad Cyber Crime Cell's swift response — from NTA alert to arrest — took under 72 hours, according to police sources. This demonstrates both the severity of the breach and the increasing capability of state-level cyber crime units to respond to threats against national examination infrastructure.

Brute Force and Weak Passwords: Anatomy of the Breach

According to the First Information Report and details shared by investigating officers, Yadav employed brute force techniques to systematically crack weak passwords on the NEET UG portal. Brute force attacks involve automated scripts that attempt thousands of password combinations per minute against a target account until the correct credentials are found. The method works best against accounts with simple, common, or default passwords — precisely the conditions that existed on parts of the NEET portal infrastructure.

Out of over 350 candidate accounts targeted, Yadav successfully gained unauthorized access to approximately 150, a success rate of over 42 per cent that underscores the weakness of password policies on a portal handling sensitive financial data for India's most competitive medical entrance examination. Once inside each account, he modified the registered bank account details to redirect fee refunds — each approximately ₹1,700 per candidate — into his own account.

The ₹1,700 figure represents the refund amount for candidates who applied for the NEET UG examination and later sought corrections, cancellations, or were due refunds after duplicate payments. While the per-student amount appears modest, the cumulative financial impact across 150 compromised accounts totalled approximately ₹2.55 lakh. However, the real damage extends far beyond the monetary loss — the breach compromised the trust of hundreds of medical aspirants in the integrity of the examination system itself.

Financial Impact on Medical Aspirants and Their Families

For the 150 medical aspirants whose bank details were altered, the consequences extended beyond the immediate loss of ₹1,700. Many candidates from middle-income and lower-middle-income families — particularly from states like Bihar, Uttar Pradesh, and rural Gujarat — had been expecting these refunds to offset the costs of coaching fees, application expenses, and travel for the NEET-UG 2026 re-examination scheduled for June 21.

The NEET UG examination fee structure, set by the NTA, ranges from ₹1,700 for General category candidates to ₹1,000 for SC/ST/PwD candidates in India, with higher fees for OCI and foreign applicants. For a family in rural Bihar where the average monthly per capita income hovers around ₹3,500, even ₹1,700 represents nearly half a month's earnings for one individual. The diversion of these funds by a hacker operating from the same state adds a particularly bitter dimension to the crime.

Beyond the immediate financial loss, affected candidates faced the bureaucratic ordeal of filing police complaints, contacting the NTA for refund reprocessing, and updating their bank details — all while preparing for one of the most competitive examinations in the country, where over 2 million candidates compete for approximately 1.1 lakh MBBS seats across India's medical colleges.

NTA's Response: Two-Factor Authentication and Portal Security Overhaul

In direct response to the breach, the National Testing Agency has implemented mandatory OTP-based two-factor authentication for all NEET UG portal logins. This means candidates must now enter a one-time password sent to their registered mobile number in addition to their regular password before accessing their accounts. The move directly addresses the brute force vulnerability that Yadav exploited — even if a password is cracked, the attacker would still need access to the candidate's mobile phone to complete the login.

The NTA has also instructed candidates to verify and update their bank account details through the portal, with the new two-factor authentication now mandatory for this process. This re-confirmation drive, announced alongside the admit card release for the June 21 re-examination, aims to ensure that no unauthorized bank details remain in the system. Candidates have been directed to log in using the newly implemented OTP-based verification and confirm their registered bank accounts.

However, the security upgrade raises questions about why two-factor authentication was not already standard practice on a portal processing financial transactions for a national examination with over 2 million annual applicants. The NTA, established in 2017 under the Ministry of Education, has faced repeated criticism over its digital infrastructure, from website crashes during application periods to alleged paper leaks and now a direct financial fraud targeting candidates.

NEET-UG 2026: A Year of Repeated Security Challenges

The refund scam is the latest in a series of security incidents affecting NEET-UG 2026. In May 2026, the Central Bureau of Investigation cracked a paper leak case, arresting retired professor P.V. Kulkarni, a question setter with the NTA. The CBI investigation revealed a "guess paper" mafia network that had been exploiting access to examination materials. The exposure of the paper leak forced the NTA to conduct a re-examination for NEET-UG 2026, now scheduled for June 21.

The back-to-back security failures — a paper leak in May followed by a portal hack in June — paint a concerning picture of the NTA's cybersecurity posture. Each incident erodes confidence among the over 2 million students who register for NEET UG annually, many of whom spend years preparing and substantial family resources on coaching, study materials, and application fees. For students from smaller towns and rural areas, the repeated breaches reinforce a perception that the examination system is vulnerable to manipulation by those with technical knowledge or insider access.

The stakes could not be higher. NEET UG is the exclusive gateway to undergraduate medical and dental programmes at all government and private medical colleges in India, including prestigious institutions like AIIMS, JIPMER, and state medical colleges. A compromised examination system threatens not just individual careers but the integrity of India's healthcare workforce pipeline. With the country facing a doctor-to-population ratio of approximately 1:1,511 — well below the World Health Organization's recommended 1:1,000 — every compromised admission cycle delays the production of qualified medical professionals.

Cybersecurity Gaps in India's Examination Infrastructure

The NEET refund scam exposes a broader vulnerability in India's rapidly digitizing examination framework. As the NTA and other bodies — including the Central Board of Secondary Education, the University Grants Commission, and various state examination boards — move examinations, fee collections, and refund processing online, the security of these digital systems has not kept pace with their scale and complexity.

Security researchers and ethical hackers have repeatedly flagged vulnerabilities in Indian examination portals. In a widely publicized case in June 2026, Dubai-based CBSE student Rylen Anil highlighted vulnerabilities in both the NEET and JEE Advanced systems, pushing back against critics while demonstrating that the issues were known to the authorities. The NTA's slow adoption of basic security measures like two-factor authentication, rate limiting on login attempts, and automated anomaly detection suggests a reactive rather than proactive approach to cybersecurity.

The Ministry of Education, which oversees the NTA, must now reckon with the fact that India's examination infrastructure handles not just academic data but also financial transactions, personal identification details, and — in the case of medical and engineering entrance exams — the life trajectories of millions of young Indians. A comprehensive security audit of all NTA portals, penetration testing by independent cybersecurity firms, and the establishment of a dedicated cybersecurity cell within the examination body are no longer optional but essential.

What This Means for India's Medical Education Pipeline

India produces over 90,000 MBBS graduates annually across more than 650 medical colleges. The NEET UG examination is the single filter through which every aspirant must pass, making its integrity a matter of national health policy. Each breach — whether a paper leak or a portal hack — introduces uncertainty into this pipeline, potentially delaying admissions, increasing litigation, and adding stress to an already gruelling selection process.

For the 150 students directly affected by the refund scam, the immediate impact is financial and administrative. But for the broader population of over 2 million NEET aspirants, the message is clear: the digital infrastructure underpinning their medical careers remains vulnerable. This uncertainty comes at a time when India is pushing to expand its medical education capacity — adding new AIIMS institutions, upgrading district hospitals to teaching hospitals, and increasing MBBS and postgraduate seats to address the healthcare workforce shortage.

The NTA and the Ministry of Education must treat these security incidents not as isolated failures but as systemic warnings. Each breach erodes trust; each remediation that follows rather than precedes an attack signals that candidate welfare is secondary to administrative convenience. With the NEET-UG 2026 re-examination just days away and thousands of medical careers hanging in the balance, the urgency of comprehensive digital security reform cannot be overstated.

The Bottom Line

The arrest of Navinkumar Shankar Prasad Yadav by the Ahmedabad Cyber Crime Cell is a victory for law enforcement but a wake-up call for India's examination infrastructure. A 19-year-old with brute force scripts was able to compromise 150 candidate accounts on the portal of the country's most important medical entrance exam — not through sophisticated hacking, but by exploiting weak passwords that should never have been permitted on a system handling sensitive financial data.

The NTA's decision to implement two-factor authentication is a necessary step, but it addresses only the most immediate vulnerability. India needs a comprehensive examination cybersecurity framework that includes mandatory multi-factor authentication, real-time fraud detection, regular security audits, and rapid incident response protocols. State police forces like the Ahmedabad Cyber Crime Cell have demonstrated the capacity to investigate and apprehend cyber criminals; the examination authorities must now match this capability with prevention.

For the 150 NEET aspirants who saw their refunds vanish and for the millions more watching these developments, the message from the authorities must be clear: your data is secure, your examination is fair, and your path to a medical career will not be compromised by preventable security failures. Only when this confidence is restored can India's medical education system truly serve the needs of its people.

— By Dr. Raj Patel, Staff Writer