In the digital era, with the increase in the usage of internet, data has now become a valuable asset. Taking into consideration that data is the most important tool of information, crimes such as hacking, phishing, stealing, or deleting the information has also increased. Some people illegally steal information and use it for their personal use. Since the technology is getting advanced, data theft remains a major threat to an organization or an individual including significant reputational damage and financial losses. As the volume of data is growing rapidly and data theft is happening often, protecting sensitive data and preventing data loss has become very difficult. Despite efforts are taken on safeguarding the information from being leaked, it remains a major problem. This paper highlights the cyber data theft in detail and the laws governing it.
In the current scenario, Cybercrime is one of the most important problems faced by countries across the world. One such part of Cybercrime is Cyber data theft which means a theft committed through computers or the internet. The internet is a collection of millions of data that is being searched, stored, saved, collected, shared, transferred everywhere across the world. Over millions of data are created every day on the internet by various organizations to extract value that sometimes represents the truth which makes or breaks their organizations. Data is an important raw material in this modern era of information technology for companies. It is an important device for Corporate to capture large market shares. Any information stored in an electronic form may lead to theft than any paper document. So, it is important to study Cyber data theft.
Data is generally the information in which actions are performed by a computer, and which may be stored in electronic form and recorded on optical recording media. Data is stolen by employees or contractors using it in the course of their employment or through hacking the computer systems.
Data theft is the act of illegally obtaining personal or confidential information from an organization without its permission. It is the act of taking virtual data with an object to compromise someone’s privacy or to procure confidential data. Data theft occurs in various ways by stealing or hacking passwords, bank details, credit card details, personal information, or information to a corporate business or hacking into government sites for stealing confidential information, stealing photographs, and mistreats them and some more related to these.
The term ‘Data Theft’ is a misnomer. As per the Indian Law, theft can be committed only concerning the movable property. But data is not a movable property, and therefore it is the uncertified act of stealing information electronically (for example, utilizing mailing it to someone or by hacking into a computer) is not considered as theft. Nevertheless, stealing of data is no doubt a criminal offense and hence is punishable under the law.
Data theft has been defined in Section 43(b) of the Information Technology Act, 2000 as, “Any person without the permission of the owner or any other person who is in charge of a computer, computer network or computer system, downloads, copies, or extracts any data, computer database or information from such computer, computer system, or computer network.”
Data theft is increasingly a major problem for individual computer users and big corporate firms.
There are different types of cyber theft which include
- Identity theft,
- Password theft, theft of Information,
- Intellectual Property theft,
- Internet Time theft.
Identity theft relates to unlawfully getting of somebody’s personal information using a computer which characterizes one’s personality for financial benefit. It is the commonest type of cyber theft. Identity theft can happen even if the fraud victim is alive or dead. There are different methods through which data theft could be committed and personal data could be acquired from electronic gadgets. They are as follows:
Anyone who breaks into someone else’s computer system and steals some personal information from the system without permission is hacking. Constitution provides hacking as an offense as it violates one’s fundamental right to privacy.
Phishing is the fraudulent purpose of sending emails containing virus affected websites to urge the person to reveal some personal information such as passwords, login information, and account information.
E-mail spoofing is one that demonstrates its origin to be not quite the same as where it began. In this, the wrongdoer steals the identity of another person in the way of phone number and sending SMS through the internet and the beneficiary gets the SMS from the phone number of the victim.
Carding is when someone makes unauthorized use of the ATM cards to take out money from the bank accounts of the individual.
The cybercriminal calls the victim by presenting to be a bank delegate or call center representative, accordingly tricking them to reveal crucial data about their own identity.
Password theft, Theft of Information
This includes information stored in electronic form such as computer hard disks, removable storage media, etc. Theft can either by appropriating the data physically or by tampering them through the virtual medium.
Theft of Intellectual Property (IP)
Theft of Intellectual Property is characterized as theft of material that is copyrighted, the theft of trade secrets, and trademark infringements, etc. one of the most commonly and dangerously known outcomes of IP theft is fake products and piracy.
Internet time theft
In these kinds of thefts, normally the Internet surfing hours of the victim are used up by another person. This is done by gaining access to another person’s login ID and the password either by hacking or by illegal means without that person’s knowledge.
Methods of Cyber Theft
There is more than one approach to steal data. Some of the popular methods are as follows:
E-commerce: One should ensure that their information is sheltered from prying eyes when they sell or purchase things on the internet. Lack of regard can prompt releasing private account data.
Password cracking: Intruders can approach the machine and get valuable information if it is not password protected or its password can be effortlessly decoded (weak password).
Eavesdropping: Data sent on unreliable lines can be wiretapped and recorded. If no encryption component is utilized, there is a decent possibility of losing the password and other personal information to the eavesdropper.
Laptop theft: Increasingly events of laptop theft from corporate firms happen with the valuable data put away in the laptop being offered to competitors. Carelessness and the absence of laptop information encryption can prompt major losses for the firm.
Laws determining cyber data theft in India
The Information Technology Act, 2000 (IT Act) is the primary act which deals with Cyber theft in India. Some of the sections managing cyber theft under IT Act are
Section 43 – Any individual without authorization of the owner harms the computer, computer system, etc. Penalty: Liable to pay compensation to the person so affected.
Section 66 – Any individual, dishonestly, or fraudulently does any act referred to in section 43. Penalty: Liable for imprisonment up to three years, or fine up to rupees five lakhs, or both.
Section 66B – Punishment for dishonestly receiving stolen computer resource or computer device. Penalty: Liable for imprisonment up to three years, or fine up to rupees one lakh, or both.
Section 66C – Punishment for Identity theft: Any person fraudulently or dishonestly makes use of the electronic signature, password, or any other unique identification feature of any other person. Penalty: Liable for imprisonment up to three years and fine up to rupees one lakh.
Section 66D – This section was inserted to punish for cheating by impersonation utilizing computer assets.
Section 70 – Protection of the data stored in the protected system. Penalty: Liable for imprisonment which may extend up to ten years and fine.
Section 72 – Protection against breach of confidentiality and privacy of the information. Penalty: Liable for imprisonment up to two years or fine up to one lakh rupees or both.
The Indian Penal Code (IPC) provisions are as follows:
Section 378 – Definition of Theft: This section deals with the theft of movable properties. At present, the law is not clear whether the data or information in its virtual form can be considered as movable property or not. But if the data or information is stored in a hard disk, pen drive, computer, CD or DVD, floppy, etc so such things act as a medium and the medium is the movable property and once if that medium is stolen, then the person can be liable for such action under this section.
Section 405 and 408 – Criminal Breach of Trust: Since the employees are entrusted with the data or information by the employer during their employment and if any employee dishonestly misappropriates or converts to his personal use or dishonestly uses or disposes of that data or information, then he or she may be charged. Penalty: Liable for imprisonment up to three years, or fine or both. If committed by an employee (servant), then liable for imprisonment up to seven years, or fine, or both.
Infringement of Copyright
As per the provisions of Copyright Act,
Section 2(o) and 63 – “Literary work” involves computer programs, tables, and compilations including computer databases. Copyright infringement is a criminal offense. Penalty: Monetary fine equivalent with the magnitude of the offense.
The Personal Data Protection Bill, 2019states as follows:
Section 57 deals with penalties and compensation.
- When the data fiduciary violates the following provisions:
- obliges to take prompt and appropriate action in response to a data security breach or
- fails to register with the Authority,
- obliges to undertake a data protection impact assessment,
- obliges to conduct a data audit,
- Appointment of a data protection officer.
Penalty: Liable with fine up to five crore rupees or two percent of its worldwide turnover of the preceding financial year, whichever is higher.When a data fiduciary violates the provisions of Chapters II, III, IV, VII, or section 24.
Penalty: Liable to a penalty of fine up to fifteen crore rupees or four percent of its total turnover of the preceding financial year, whichever is higher.
The Indian legal framework is arising to the danger of data theft. However, there are still no provisions regarding data theft.
Procedure to file a complaint on Data Theft
The following are the procedure to file a complaint against data theft in India:
- First, write an application to the head of the cyber cell.
- The following details to be provided in the application: Name, Address, Email, and Phone number.
- In case of hacking or data theft, the following details to be provided in the cyber cell:
- Logs of the server.
- A hard and soft copy of the defected page
- If the data of the defected page is compromised, provide a soft copy of the original data as well as the compromised data.
- Control mechanisms details in which one have to tell who has accessed the computer
- If one has any doubt or feeling suspicious about someone, then provide the list of those suspicions.
- One can also file a complaint from any of the cyber cells of the city or can make an application online.
Prevention of Cyber Theft
As there is an increase in data theft risk, individuals and organizations have to take steps to protect their data. Some of the steps to protect personal information are as follows:
- Secure confidential customer, employee, or any other individual data by keeping storage devices containing sensitive data in a locked, secure area and prohibiting access to sensitive data.
- Dispose of sensitive data properly and remove all the information from the computers and devices before disposing of any of them.
- Use password protection for all business computer systems and make employees have unique user names and strong passwords to change regularly.
- Encrypt sensitive information and use encryption on all computers, laptops, devices, and emails that contain sensitive data.
- Protect the computers against viruses by installing and using antivirus and antispyware software.
- Keep the software and operating systems up to date by installing updates to security, web browsers, operating systems, and antivirus software as soon as they are present.
- Secure access to the computer network with firewalls, remote access, and WI-FI networks that are secure and are encrypted.
- Verify the security controls of third parties.
- Train the employees to ensure that they understand data protection practices and their importance.
To conclude, with the increase in the usage of internet and access to digital technology, our economy is quite exposed to white-collar crimes including cybercrimes. Thinking about the worth and quantum of the data, it is basic for any organization or individual to take preventive measures. Since Indian Laws on this issue as it stands today is not clear, the best systems to prevent loss include: Development of an exhaustive arrangement of policies and method, Verification of IT security rules and look for lawful change. Laws need to be strict and consequences need to be substantial to divert people from committing such crimes.
Frequently Asked Questions
- What is Data theft?
Data theft is the act of stealing information using a computer from an unknown victim with the intent of obtaining confidential information.
- What are the types of cyber theft?
The different types of cyber theft are identity theft, password theft, theft of information, internet time theft, and theft of intellectual property.
- What is Identity theft?
This happens when financial or personal information is stolen using a computer.
- What are the laws which govern the data theft in India?
The Information Technology Act, The Indian Penal Code, The Copyright Act, The Personal Data Protection Bill are the laws that govern cyber data theft in India.
- Where do I report a cyber Data theft complaint in India?
One can report the complaint by filing in the nearest or any cyber cell in India.
- The Information Technology Act, 2000
- The Indian Penal Code, 1860
- The Copyright Act, 1957
- The Personal Data Protection Bill, 2019.
-  https://mylegalwork.com/guides/data-theft (retrieved on 07-07-2020)
- https.www.mondaq.com/india/white-collar-crime-anti-corruption-fraud/785836/cyber-theft-a-serious-concern-in-india (retrieved on 07-07-2020)
-  https://cybercrime.org.za/data-theft/ (retrieved on 08-07-2020)
-  The IT Act, 2000 // section 43, 66B, 66C, 66D, 70, 72
-  https://www.indianlawoffices.com/legal-articles/data-theft-by-employees (retrieved on 10-07-2020)
-  The Indian Penal Code, 1860 // section 405 and 408.
-  The Copyright Act, 1957 // section 2(o) and 63
-  The Personal Data Protection Bill, 2019 // section 57
-  https://www.google.com/amp/s/blog.ipleaders.in/legal-actions-data-theft/amp (retrieved on 09-07-2020)
- https://digitalguardian.com/blog/what-insider-data-theft-data-theft-definition-statistics-and-prevention-tips (retrieved on 10-07-2020)