[zengr]

He has clearly stated on his blog:

"I spoke to the Times Of India (linked below) and I would like to clarify what's been written in the article. The article states "A 20-year-old Indian student from Cornell University hacked into the database ... " This is technically incorrect. I did no such thing. I did not illegally access any database system. All I did was access information that was available to any person who entered a number into the website could access. I simply mined the data and then analyzed it to reveal some interesting and disturbing trends""

So, he didn't hack anything.

[openforce]

Its funny how this will likely be handled by the people in authority. Some narrow minded men with no computer knowledge will sit around a table and decide what action can be taken against the 'hacker' for this 'breach', Ignoring the real issue here.

Websites made by/for government institutions in India are a joke. Most Indian websites are probably still made to work only with IE (IE6 even).

[fakeer]

Most probably those narrow minded people have a lot of other things to do like tackling insurgency and terrorism and calculating how much commissions comes from which tender and which bank they should hide that amount too, unless the ICSE board wants to pursue it further.

[lawnchair_larry]

Well in the US, doing this to get information that is even less sensitive counts as hacking and gets you sent to prison (see Andrew Auernheimer).

[bshastry]

If he stated so, it is clearly not in line with the title of his blog post [1]. Come on, the media preys on keywords like hacking, so if you don't see it coming be careful the next time is my advice to the "hacker" in question. [1] http://deedy.quora.com/Hacking-into-the-Indian-Education-Sys...

[jervisfm]

Well, don't know what laws India has with regards to Cyber-security if any at all, but I wonder how the reaction would be if that happened to a nation-wide exam/test in the US like the SAT.

Even if the data was available on the server, I think the laws here are such that one can still be persecuted for that. A recent example that comes to mind is the AT&T hack that leaked email addresses of some iPad users [1].

Fortunately, in this case, it does not appear that the original poster has anything to be concerned about.

[1] - http://www.computerworld.com/s/article/9237838/Legal_experts...

[monsterix]

Isn't it a bit strange that US did not persecute AT&T for the hole/lapse?

[pyre]

Depending how you define 'hacker,' his data mining could be considered 'hacking the data.'

[manojlds]

Not with the wrong connotation that the words hack and hacker have these days.