Data Theft – Akhil Bhartiya Cyber Suraksha Sangathan (Regd.)

💾 DATA THEFT — OVERVIEW

Data theft is the unauthorised access, copying, transfer or stealing of confidential information — including personal details, financial records, passwords, trade secrets and sensitive corporate data — from an individual, organisation or government system. In today's digital world, your data is as valuable as your money. Cybercriminals steal data to sell it on the dark web, commit identity fraud, extort victims, conduct corporate espionage or cause reputational damage. India has witnessed massive data breaches affecting crores of citizens. Data theft is a serious cyber crime punishable under the IT Act 2000 and the Bharatiya Nyaya Sanhita 2023.

⚠️ How Data Theft Happens

Hacking into databases of companies, banks or government portals
Installing keyloggers or spyware on victim's device via malicious links
Phishing emails and fake websites that harvest login credentials
Insider threats — employees stealing data from within organisations
Using unsecured public Wi-Fi to intercept data transmissions
Exploiting software vulnerabilities in unpatched systems
Physical theft of laptops, USB drives or mobile phones with sensitive data
SQL injection attacks on websites to extract database records
Social engineering — tricking employees into revealing credentials
Malicious mobile apps that access contacts, photos and banking data

✅ How to Protect Your Data

Use strong, unique passwords for every account — enable 2FA everywhere
Never access sensitive accounts on public Wi-Fi — use a trusted VPN
Keep all software, apps and operating systems updated regularly
Install reputed antivirus and anti-malware software on all devices
Encrypt sensitive files and use secure cloud storage with access controls
Do not click on unknown links or download attachments from strangers
Review app permissions — never grant unnecessary access to your data
Shred physical documents containing personal or financial information
Use secure and HTTPS websites only while transacting online
Regularly back up important data to an offline or encrypted location

🔍 Types of Data Theft

🪪

Personal Identity Data Theft

Stealing name, date of birth, Aadhaar number, PAN card, passport details, mobile number and address to impersonate the victim for financial fraud, fake loan applications or government benefit misuse.

💳

Financial Data Theft

Stealing credit card numbers, CVV codes, net banking credentials, UPI PINs, account numbers and transaction history to make unauthorised payments or drain bank accounts.

🏢

Corporate / Business Data Theft

Employees or hackers stealing trade secrets, client databases, pricing strategies, intellectual property, product designs or confidential contracts to sell to competitors or use for blackmail.

🩺

Medical Data Theft

Stealing patient health records, medical history, prescriptions, insurance details and hospital data from healthcare systems. Medical data is highly valuable on the dark web for insurance fraud and blackmail.

🔑

Login Credential Theft

Stealing usernames and passwords through phishing, keyloggers, data breaches or credential stuffing attacks — used to hijack email accounts, social media profiles and banking portals.

📱

Mobile Device Data Theft

Accessing contacts, photos, videos, messages, banking apps, OTPs and location data from stolen or hacked smartphones through malicious apps, spyware or physical theft of the device.

🌐

Database Breach (Mass Data Theft)

Large-scale hacking of company or government servers to steal millions of records at once — including customer data, employee records and financial information — which is then sold in bulk on the dark web.

🕵️

Insider Data Theft

Current or former employees, contractors or business partners misusing their authorised access to steal sensitive company data, client lists, financial records or proprietary information for personal gain or to benefit a competitor.

⚠️ WARNING SIGNS — YOUR DATA MAY HAVE BEEN STOLEN

🔔

Unexpected Account Activity or Transactions

Receiving SMS or email alerts for transactions, logins or OTPs you did not initiate — a strong sign that your financial or account data has been compromised.

📧

Receiving Password Reset Emails You Didn't Request

If you are getting password reset links or OTPs you never asked for, someone may be attempting to take over your accounts using your stolen credentials.

📉

Unexplained Drop in Credit Score

A sudden drop in CIBIL or credit score without any new loans could mean someone has taken a loan in your name using your stolen Aadhaar, PAN or identity documents.

📬

Unknown Accounts or Loans in Your Name

Receiving statements, collection calls or letters for loans, credit cards or accounts you never opened — a clear sign of identity theft using your stolen personal data.

🔍

Your Personal Data Appearing Online

Finding your private information — phone number, address, Aadhaar number or photos — posted on unknown websites, dark web forums or social media without your consent.

🐢

Slow Device Performance / Unknown Apps

Unusual slowness, battery drain or unknown apps appearing on your phone or computer may indicate spyware or data-stealing malware is running in the background.

🚨 If Your Data Has Been Stolen — What To Do

Immediately change passwords of all affected accounts — start with email and banking
Enable Two-Factor Authentication (2FA) on all accounts without delay
Call your bank on official helpline to block cards and freeze suspicious transactions
Call National Cyber Helpline 1930 immediately to report financial data theft
File a complaint at cybercrime.gov.in — select appropriate category
File FIR at your nearest Cyber Crime Cell — bring all evidence including screenshots and statements
Check your CIBIL score and report any unauthorised loans using your identity to the credit bureau
Inform UIDAI (1947) if your Aadhaar number has been misused — request Aadhaar lock
Run a full antivirus and anti-malware scan on all your devices
Monitor your accounts, email and credit report closely for at least 6 months after the theft

📰 MAJOR DATA BREACH INCIDENTS — INDIA

2023 — ICMR Data Breach

81.5 Crore Indian Citizens' Data Leaked

In October 2023, data of approximately 81.5 crore Indian citizens — including Aadhaar numbers, PAN details, names, addresses and mobile numbers — was allegedly leaked from the ICMR COVID-19 database and put up for sale on the dark web. One of the largest data breaches in India's history.

2022 — AIIMS Delhi Ransomware

Patient Data of Crores Compromised

In November 2022, the All India Institute of Medical Sciences (AIIMS) Delhi was hit by a devastating ransomware attack. Patient records, employee data and hospital systems were encrypted. The attackers demanded ₹200 crore. The incident exposed the vulnerability of critical healthcare data infrastructure.

2021 — Air India Data Breach

4.5 Million Passengers' Data Stolen

Air India's SITA passenger service system was hacked in 2021, compromising the personal data of 4.5 million passengers including passport details, credit card information, dates of birth and ticket information. The breach affected passengers who registered between 2011 and 2021.

2019 — Aadhaar Data Leak

Details of 1 Billion Citizens Allegedly Exposed

A French security researcher reported that Aadhaar data of over 1 billion Indians was accessible through an insecure API maintained by a utility company. Names, unique 12-digit Aadhaar numbers, addresses, photos, phone numbers and email addresses were potentially exposed to unauthorised access.

⚖️ APPLICABLE LAWS

IT Act Sec 43 IT Act Sec 43A IT Act Sec 66 IT Act Sec 66B IT Act Sec 72 BNS Sec 316 BNS Sec 318 Aadhaar Act Sec 37 DPDP Act 2023

IT Act Section 43: Whoever without permission accesses, downloads, copies or extracts any data from a computer resource shall be liable to pay damages by way of compensation to the person affected — up to ₹1 crore. This is the primary civil remedy for data theft victims.

IT Act Section 43A: A body corporate that handles sensitive personal data and fails to maintain reasonable security practices causing wrongful loss shall be liable to pay compensation. Applicable in corporate data breach cases where negligence is involved.

IT Act Section 66: Dishonest or fraudulent acts covered under Section 43 — including data theft — are criminal offences punishable with imprisonment up to 3 years or fine up to ₹5 lakh or both.

IT Act Section 66B: Dishonestly receiving or retaining stolen computer resource or data — up to 3 years imprisonment or ₹1 lakh fine or both. Applicable to buyers and sellers of stolen data on the dark web.

IT Act Section 72: Breach of confidentiality and privacy — disclosing information accessed without consent — up to 2 years imprisonment or ₹1 lakh fine. Applies to insiders who leak customer data.

BNS Section 316 (Theft) / 318 (Cheating): Data theft involving fraudulent gain or cheating is prosecutable under corresponding theft and cheating provisions of the BNS 2023 with up to 7 years imprisonment.

Aadhaar Act Section 37: Unauthorised access to or misuse of Aadhaar biometric/demographic data — up to 3 years imprisonment and ₹10 lakh fine. Report Aadhaar misuse to UIDAI at 1947 or resident.uidai.gov.in.

Digital Personal Data Protection (DPDP) Act 2023: Companies that fail to protect personal data entrusted to them face penalties up to ₹250 crore per breach. Citizens have the right to know what data is collected, demand its deletion and seek grievance redressal through the Data Protection Board of India.

📝 Report This Crime

📝 Report Data Theft to ABCSS

Akhil Bhartiya Cyber Suraksha Sangathan (Regd.)

Regd. with Registrar of Society of NCT Delhi-Regd. No-287

Cyber Criminals se Suraksha, Digital India ki Raksha

अखिल भारतीय साइबर सुरक्षा संगठन (पंजी)

भारत की पहली साइबर क्राइम इन्वेस्टीगेशन एन जी ओ

ऑनलाइन रहें सतर्क, साइबर अपराध से रहें सुरक्षित

Cyber Links

Important Links