• Legis Scriptor

Cyber data theft

Authored By- Meghana Vuttaradi

Keywords: Cyber identity theft, internet era, fraud


The new era of advances in technology has increased the epidemic of cyberspace identity theft. Although this crime is not new, the internet has broadened its reach and created creative ways to commit it, resulting in a new form called cyber data theft. The identity thief uses details about another person's identity such as name, address, telephone number, mother's maiden name, social security number, health card number, bank account numbers, driver's license number, and birth date. To commit theft, fraud, or other crimes it is stealing somebody's identity information.


The introduction of the internet and digital technology has profoundly affected modern societies. With greater ease, knowledge can now be accessed and stored on an extremely large scale. Computers are essential for the fulfillment of daily tasks for most corporations, academic institutions, occupations, and governments. Those advantages come with challenges though. New offences have occurred and old ones have escalated. Many countries now face cyber data theft cases, cyberspace identity fraud, hacking, sabotage, electronic money laundering, and child pornography, among others. For instance, websites, as well as online facilities such as emails, and chat rooms, allow criminals to steal, defraud, and launder the proceeds of innocent users' personal information. With the emergence of the internet, the numbers and types of computer crimes, in particular cyberspace identity theft, have also been growing. This is because computers now have the capability to telecommunicate. Unlike when computer crimes were previously restricted to events such as piracy and data loss, identity fraud can now be committed by redirecting web users from their intended destinations to fake, unknown websites.

Historical Background

Some analysts have compared cyber data theft to a tragedy that happens before one's eyes, something that is growing and becoming more destructive than ever. There's nothing one can do to stop it, and all the efforts taken to head it off are in vain. While it is not the same as an earthquake, hurricane, or tsunami, it is a phenomenon that causes the same amount of harm to people, companies, and governments. Over the past 35 years, cyber data theft has developed and evolved to take on a life of its own. Cyber data theft is on the rise, according to studies, as criminals have discovered how easy it is to conduct fraudulent business practices through emerging technology that are launched daily. The methods used for the operation of cyberspace theft changed significantly with the advent of the Internet, the widespread use of credit cards, and the increasing amount of e-commerce. Thieves turned to new, sophisticated techniques that allowed them to operate anywhere in the world, and swindle thousands of people without being detected. In other words, the internet has changed the conventional essence of identity theft to the point that the perpetrators can initiate their attacks and defraud a vast number of people without direct contact with them.

Types of Cyber Thefts

The most popular cyber-theft forms include identity theft, password theft, information theft, internet time theft, etc.

Identity Theft

Theft of identities includes unlawfully collecting personal information from another that determines one's identity for economic gain. It is the most popular type of cyber-theft. Identity theft may occur if the victim of the fraud is alive or has died. Creating a fake account or impersonation by creating several email-ids has become very popular and has resulted in fraud commissioning in order to acquire some such information that cybercriminals may use to take over the identity of the victim to commit various crimes. There are numerous methods by which data theft may be performed and personal information from electronic devices could be accessed. These are as follows: -

1. Hacking- This is an offence of unauthorized access to the computer resource and defines it as, ‘anyone with the purpose or intention of causing any damage, harm or destruction, deletion or alteration of any information residing in the computer of a public or of any person.’ The hacking offence is an infringement of one's constitutional right to privacy as given by the Constitution.

2. E-Mail/SMS Spoofing- The spoofed e-mail is one that reveals how far its origin is from where it actually originated. In SMS spoofing, the perpetrator steals another person's identity in the form of a phone number and sends SMS over the internet, and the recipient receives the SMS from the victim's mobile number.

3. Carding- Cybercriminals are making illegal use of ATM debit and credit cards to steal money from individual bank accounts.

4. Vishing- By posing as a bank representative or call center employee, the cyber-criminal calls the victim, thus fooling them into revealing sensitive details about their personal identity.

Theft of intellectual property

Theft of intellectual property (IP) is characterized as theft of copyrighted content, theft of trade secrets and trademark infringements, etc. Falsified products and piracy are one of the most common and hazardously documented consequences of IP theft.

Laws governing identity thefts in India

In its intangible nature, data can be placed on a par with electricity at best. In the case of Avtar Singh vs. State of Punjab[1], the question of whether electricity could be stolen arose before the Hon'ble Supreme Court. In reaction to the issue, the Supreme Court held that electricity is not a movable property and, according to Section 378 IPC, is not protected by the concept of 'theft'. Then Section 39 of the Electricity Act, extended to Section 378 IPC to apply for electricity, thus it was specifically covered within the scope of theft. It is therefore imperative that a provision such as in the Electricity Act be inserted into the IT Act, 2000 to specifically extend the application of section 378 IPC to data theft.

Identity theft involves both theft and fraud, thus the provisions of the Indian Penal Code 1860 (IPC) regarding forgery are sometimes invoked along with the Information Technology Act, 2000.

The Information Technology Act, 2000 (IT Act) is the key piece of legislation dealing with cybercrime laws in India. Few Sections that are dealing with Cyber Theft: -

1. Section 43: Where a person is liable to pay compensation to the individual concerned without permission of the owner for damages to the device, computer system, etc.

2. Section 66: If a person does any of the acts referred to in section 43, dishonestly or fraudulently, he shall be punishable by imprisonment for a term of up to three years, or by a fine of up to five lakh rupees, or both.

In the case of State of A.P v. Prabhakar Sampath,[2]the plaintiff M / S SIS Infotech Pvt. Ltd., Hyderabad, carrying the research station company, filed a complaint alleging that someone had successfully hacked their server and downloaded their e-reports through some free public websites. The accused was found guilty after a police investigation and charged under section 66 of the IT Act for breaching the complainant's company's content server.

3. Section 66B: Where it deals with Punishment for receiving dishonestly stolen computer resource or communication device shall be imprisonment for a period of up to three years or a fine which may amount to one or both lakh rupees.

4. Section 66C: It provides for the punishment of identity theft as follows: Whoever uses an electronic signature, password or other unique identifying feature of any other person, fraudulently or dishonestly, shall be punished with imprisonment of any form for a period of up to three years and may also be liable to fines with the possibility of extending one lakh to rupees.

5. Section 66 D: In comparison, Section 66 D was introduced to punish deception using computer resources by impersonation.


India has the world's second-highest number of internet users after China at 462.12 million but lacks the legal structure to ensure data protection and privacy with existing regulations insufficient for the rapidly developing market, say, cybersecurity experts.

These are the rules that are applicable to the prevention of data theft in the present period. While those laws were made by the government, these laws are not fully enforced. Neither the executing body nor the caretakers took these regulations seriously. On the other hand, they are not even aware of certain laws when we talk about people.

This has contributed to many rising cyber-crimes like data theft in the I.T. Branch. Thus, it is the absolute need to raise awareness of these laws among these people and guide the authority concerned to properly enforce and lodge proper complaints and provide justice to the victims. It is the general duty of the government and the judiciary to look closely at the laws and to take action if these laws are infringed in any way, be it by someone like the police officer, and the common man, just anyone.

[1] AIR 1965 SC 666 [2] (2015) Cr. Comp 489/2010, Hyderabad. References: