CAT does it again. At least 50 Common Admission Test (CAT) probables claim that they have already got their CAT 2010 scores, a full ten days before the results are to officially be declared. Does this mean that the CAT 2010 result has leaked? Not really, but it definitely means that those behind the CAT have not done enough technologically to secure their systems.

Since Sunday, January 2, 2011 and until sometime in the afternoon of January 3, candidates have been visiting the URL ‘http://scorecard.catiim.in/‘ and finding out their CAT 2010 scores and percentiles — or what they think are their CAT 2010 results. Those who accessed the purported results told PaGaLGuY that all they did was enter their test credentials on the webpage and out came their scores. Then sometime today afternoon, the link stopped functioning. At the time of writing this article, the webpage is still visible via Google Cache. Not only the results link, but the entire catiim.in website is down.

One of the CAT 2010 scorecards downloaded on January 2.

(Data blurred to protect identity of the candidate)


Google Cache screenshot of the CAT 2010 results page

They are certain that the scores are the actual scores of CAT 2010 because the photograph in the scorecard matches the one clicked at the time of the checking in to the test between October 27 and November 24, 2010. The ‘Date of test’ in the scorecard is also accurate, they add.

“I can say that this ought to be the CAT 2010 result because I remember my CAT scores of last year, so these definitely are fresh scores,” said a candidate.

Prof Himanshu Rai, CAT 2010 convenor emphatically said that there is no way that the results could have leaked.

“The site is not operational at this point so how can candidates have the results. The results are not even uploaded so how can anyone see them,” he asked.

PaGaLGuY contacted Prometric but it did not get back with a response at the time this article went for publication.

What seems to have happened is that some anonymous CAT aspirant in the myriad of the world wide web chanced upon the URL ‘http://scorecard.catiim.in/‘ by fluke, found it in working condition and circulated it further, spreading it like wildfire on the Internet.

In all probability, the administrators of the ‘catiim.in’ website were testing the results system when the URL became publicly known. This is a strange and clumsy testing practice; the release candidate of any web-based application should be password protected and revealed only to a select test group. Certainly not be publicly accessible until launched. This does not reflect highly on the process standards followed by the makers of ‘catiim.in’.

A similar incident had occurred during CAT 2004. Back then, some smart alec had correctly guessed one day before the official results date that the results link would be ‘iimahd.ernet.in/result04.php’ by simple deduction — the previous year, this URL was (drum roll and high hat) ‘iimahd.ernet.in/result03.php’. Coverage of the CAT 2004 results leak: 1, 2, 3 and 4.

With the CAT 2010 Convenor outrightly denying that the site was even operational, no official word is available on whether those who downloaded their scorecards had indeed chanced upon their actual results, or was it just test data. Given that other information in the scorecard — the photograph, test date, mailing address — are all accurate, chances are that the percentiles are the actual ones too. However, this is just a logical deduction. Until more reliable word is available, we’d advise you to wait until the official result announcement on January 12 before you close the curtains on the CAT 2010 written test.

Premature result leakage of this sort causes undue speculation and emotional distress among test takers. One can always argue that the choice of not looking at the result before the official date lies with the candidates. However, both Prometric and the IIMs should also acknowledge and realise that if there’s a link or a document out there in the chaos that is the Internet, it is likely to be accessed and virally spread. The least they can do to control behaviour is store data that should not be accessed behind a password.

Update (Jan 5, 2010): Prometric today issued the following statement distancing itself from the result ‘leak.

Full text of Prometric’s statement – “The website hosting the results was developed, and is maintained, by a third party vendor hired by the Indian Institutes of Management (IIMs). Because we did not develop it, and do not manage it, we are not able to provide further information about the issues that affected the website. Prometric takes extensive security measures to protect our systems. The systems used to develop and deliver exam content are managed by Prometric and meet the highest security standards. The score reporting system is not developed or managed by Prometric.”

Write Comment