Illustration showing identity theft

Cybercrimes are rising rapidly with the evolution of technology and the internet. Defined as a criminal activity taking place on or over the medium of computers, the internet, or other technology recognised by the Information Technology Act, cybercrimes are the most devastating and prevalent crimes in the post-internet, modern era.

The usage of computers and other allied technology in daily life is snowballing and has become a mode facilitating user convenience. Although a medium infinite and immeasurable, it has its dark sides too.

Bare Act PDFs

Some newly emerged cybercrimes are cyber stalking, cyber pornography, cyber terrorism, email spoofing, cyber defamation, etc. Out of these all, identity theft (ID) theft seems to be the most severe crime in cyberspace.

Let us now understand what exactly is Identity (ID) theft, and the modes in which it is performed. We shall also glance at the Indian provisions with respect to this cybercrime, and a few landmark judgments.

Must Read: Rise of Cybercrime in India: Reasons, Impacts & Safety Measures

Identity Theft Explained

Identity theft is a sort of fraud that entails the unauthorised use of another person’s personal information to carry out unlawful acts or to get financial or other rewards. Name, address, Aadhar card number, PAN card, credit card numbers, and other private information about the victim are some examples of this data.

Identity thieves can use personal information to open credit card accounts, obtain loans, make purchases, or even submit a job application in the victim’s name. The victim’s information might also be used to access private financial accounts or apply for government benefits. Financial losses, damaged credit, and emotional anguish can all be significant and long-lasting effects of identity theft.

Bare Act PDFs

Modes of Identity Theft

1. Malware

Malware is short for malicious software, which refers to any software that is intentionally designed to cause harm to a computer system, network, or user. It may appear as viruses, worms, Trojans, ransomware, spyware, adware, and more.

Malware can be used to collect sensitive data that can be exploited for identity theft, including passwords, credit card numbers, and other private information. A keylogger, which captures everything a user types on their keyboard, including passwords and other confidential information, is one of the most popular types of malware employed for this purpose.

It’s crucial to adhere to the best practices for online security, such as using strong and distinctive passwords, to prevent identity theft brought on by malware.

2. Hacking

Hackers can obtain personal information and use it for fraud via several methods, including malware infections and database breaches.

A hacker might, for instance, urge the receiver to submit their login details or other personal information in an email that appears to be from a reputable source, such as a bank or online retailer. Likewise, a database breach could allow a hacker to access a company’s database without authorization and take financial information, Aadhar Card number, PAN card, and other sensitive data.

3. Phishing

Phishing is a type of online scam used frequently to obtain sensitive data, including passwords, credit card numbers, and other personal information that can be exploited for identity theft.

Phishing attempts can appear as emails, texts, phone calls, or even messages on social media that claim to be from a reputable source like a bank, online merchant, or government agency.

In order to obtain sensitive information, such as login credentials or financial information, the attacker must successfully mislead the recipient.

Once the attacker obtains this information, they can use it to open new credit card accounts or carry out illicit purchases while using the victim’s identity.

Indian Laws Related to Identity Theft

Identity theft is a criminal offence in India, and there are laws and regulations in place to prevent and punish such acts. Some of the key laws related to identity theft in India are mentioned below.

Information Technology Act of 2000

The Information Technology Act (IT Act), a piece of legislation adopted in India, makes no mention of preventing identity theft in particular. The Act does, however, include provisions for the punishment of a number of cybercrimes, such as hacking and illegal access to private data.

A person can be held accountable for damages and compensation under sections 43 and 66 of the IT Act if they wilfully and unlawfully access, download, copy, or extract any data or information from a computer resource.

Furthermore, the IT Act’s section 72 addresses the protection of personal data and addresses the problem of data security.

While the IT Act does not specifically address identity theft, it provides legal provisions for the punishment of unauthorized access to sensitive information and personal data protection. To prevent identity theft, it is important to be cautious about sharing personal information online and secure online accounts with strong passwords and multi-factor authentication.

Section 66C: This section outlines the penalties for identity theft and specifies that they can include either a term of imprisonment of up to three years or a fine of up to one lakh rupees.

Section 66D: This section addresses the penalties for impersonating someone else to cheat using a computer resource and specifies a sentence of imprisonment for a term that may not exceed three years, a fine that may not exceed one lakh rupees or both.

The Indian Penal Code of 1860

The Indian Penal Code (IPC), which dates back to 1860, contains provisions to punish numerous offences, including those involving identity theft. Identity theft is covered under the following sections of the IPC:

Section 419: This section addresses cheating by impersonation and prescribes a punishment extending up to three years of imprisonment, or fine, or both.

Section 420: This section deals with defrauding and dishonestly procuring the handover of the property, and it lays forth a punishment that includes both a fine and a term of imprisonment that can last up to seven years.

The IPC also includes provisions for penalties in situations of document forgery and passing off a fabricated document as a real one.

Landmark Judgments Related to Identity Theft in India

Given below are a few recognised judgements related to the development of identity theft as a cybercrime in India.

1. Binod Sitaram Agarwal vs the State of Maharashtra (2018)

In this instance, the applicant was detained in connection with offences that violated sections 43 and 66C of the Information Technology Act 2000. When the charge sheet was filed, sections 408 of the Indian Penal Code and section 70 of the Information Technology Act were added.

2. K Sudhakar vs N Balaji (2017)

Facts: K. Sudhakar, the father-in-law of respondent N. Balaji, obtained his savings account statement from HDFC Bank without his consent. The respondent filed a private complaint stating that he has a savings account in HDFC Bank, Thillai Nagar Branch, Tiruchirapalli and for the above-stated reason, the petitioner has committed offences punishable under sections 66B and 66C of the Information Technology Act read with section 406 and section 416 of IPC.

Held: If the said bank had issued the bank statement to the petitioner without the consent of the respondent, utmost he can ask for any relief that is available under the law against the bank authorities. He cannot prosecute the petitioner in court instead. Therefore, this court is of the view that continuance of the proceedings against the petitioner would result in an abuse of procedure of the court, and hence, these proceedings must be quashed.


Millions of people are impacted by the growing issue of identity theft each year. It may result in serious monetary loss, severe mental suffering, injury to one’s reputation, and loss of credit. It’s critical to be diligent in securing your personal information, maintaining the security of your passwords, and routinely checking your credit reports if you want to prevent identity theft.

The use of services and tools like fraud alerts and credit freezes can assist you in detecting and recovering from identity theft. You can lessen your chance of falling victim to this crime by taking proactive steps to protect your identity.

Read Next:
1. Cyber Crime and Punishment in India
2. Domain Name Disputes and Their Redressal

WritingLaw » Law Articles » What Is Identity Theft and Its Laws in India? Law Study Material
If you are a regular reader, please consider buying the Law PDFs and MCQ Tests. You will love them. You may also support us with any amount you like. Thank You.