Identity theft has developed universally as a prime matter, surpassing national boundaries and twisting through multistate proxy webs and the various gang of traitors. The notion of identity theft has also developed with the progress of the internet and its related interests.[1] With the emergence of the internet, offence in cyberspace has also escalated. According to the facts, identity theft takes place whenever an individual steals other individuals’ confidential information and utilizes those credentials to commit cheating or any other offence. The internet has all the time played a crucial part in circulating information regarding identity theft, both in terms of dangers and information on how people may evade victimization. The internet has also been acknowledged as a vital benefactor to identity theft since it allows surroundings of impersonality and a chance for culprits to acquire fundamental constituents of other individuals’ identities.


  • Criminal Identity Theft

Criminal identity theft happens when an individual who has been taken into custody for committing an offence introduces himself as another individual, by utilizing the facts and information of that individual. The outcome is the criminal record in the name of the sufferer, who may not memorize the offence until it’s too late.

  • Medical Identity Theft

It takes place when the offender utilizes the information of somebody else to obtain the prescribed drugs, consult the doctor or assert the insurance benefit.

  • Business Identity Theft

Business identity theft necessitates utilizing a business title for acquiring credit or billing the business’s consumers for commodities and assistance. Frequently, but not always, a social security number (SSN) of an organization representative is essential to execute business identity theft. Federal ID or Employee Identification Number is willingly accessible on public records, or internally, hence enhancing this offence. 

  • New Account Fraud

New account fraud usually means utilizing other confidential identification information to acquire items and assistances employing that individual’s good credit. The beginning of a new utility, new mobile phone, or new credit card account is the most widespread class of new account fraud. Since the thief is most probably utilizing another postal address, the sufferer never sees the record or bill for the new account.

  • Account Takeover Fraud

Account takeover fraud generally wields another individual’s account credentials (for instance, credit card numbers) to procure goods and services utilizing that individual’s existing accounts. It can also signify withdrawing cash from an individual’s bank account. Account numbers are frequently found in the trash, hacked virtually, snatched from the mailbox, or taken from a wallet.


It is crucial that one must keep a few suggestions in mind when utilizing any gadget or platform on the web.[3] 

  • Encrypt Devices and Accounts

Something fundamental and rudimentary is to accurately encrypt one’s gadgets and accounts. This infers that one must generate passwords that are secure and complex to safeguard their computers and the accounts they have. That password must comprise of alphabetical letters (upper and lower case), numbers, and other specific characters. It must be distinctive and totally random. As a supplementary option, it is engrossing to permit two-step authentication whenever feasible. This method will generate a subsidiary coating of security to stop the entrance of thieves who can steal one’s identification.

  • Keep Teams Up to Date

The apparatus must be accurately updated. In numerous instances, vulnerabilities emerge which are utilized by hackers to carry out the strikes. It is crucial that one must install the newest reinforcements and updates and repair those security loopholes.

  • Using Only Official and Trusted Software

Another extremely crucial matter is to wield only official and trusted software. It is correct that occasionally one may discover programs that can provide additional qualities, but one will put his/her guard and privacy in danger. Perfect is only official software.

  • Having Safety Equipment

Security software can aid us in avert malware from stealing one’s details. Having a fine antivirus is highly approved. Luckily, all have extensive probabilities in this regard. It should be put on to the kind of operating system everyone is utilizing.


In spite of being so elegant in character, it has not been included under Section 378 of the IPC[4] which deals with the clauses of theft. Nevertheless, revisions in the IPC concerning the crimes of forgery and fraud, tampering with electronic records were brought with the declaration of the Information Technology Act, 2000. In addition to this, the code also finds an individual guilty for the forgery of websites where they deceive sufferers to share their personal information. On the advice of the expert council introduced by Parliament, Section 417 – A[5] was included in the IPC which penalizes any person who has received an individual by utilizing the data and personal credentials of some other individual. Additionally, it establishes that any type of cheating through a computer web is punishable with imprisonment of up to five years.


Earlier to the amendment in 2008, Section 43 of the ITA[6] dealt with the issue where any person acquired another person’s computer without his/her consent. The guilt, in this case, was of civil nature, where the accused had to reimburse the amount which may increase to one crore. Additionally, Section 66 of the ITA[7] dealt with the cases of cybercrime but as stated in the definition cybercrime could only come into the act when there was any adjustment, eradication, or depletion in computer output. The notion of identity theft has no remedy. When the act was revised in 2008, the idea of identity theft was introduced. Under this amendment, Section 66 of the ITA[8] established criminal liability whenever a person has obtained access to another person’s computer or abetted the same. Strict laws have been instigated for the safekeeping of “sensitive personal data”. In the case of Puttaswamy vs. Union of India[9], the court formally recognized privacy as a fundamental right, where safekeeping of credentials was also contemplated within its umbrella. Moving towards Section 69 of the ITA[10], it states that the central government or the state government can utilize data for tracking and inspection. Though the Act of 200 has gone through various substantial revisions in safeguarding the protection of private data being abused, it is still not as diversified as one would aspire.


As the cases of fraud and cybercrimes are increasing, the government is managing with interpreting rules and regulations to safeguard the interest of the individuals and aiding them against any mischief occurring on the internet. Several laws are made to safeguard ‘sensitive private credentials’ through data protection and privacy strategy.

Authors Name: Pranjal Vashisht & Manas Sharma (JEMTEC School of Law, Greater Noida)

 [1] The United States of Department of Justice, ‘Identity Theft’ < Identity Theft (> accessed on 20 October 2021

[2] Dilpreet Singh, ‘Identity Theft: A Modern Era Crime’ (2020) SoOLEGAL < Identity Theft: A Modern Era Crime | SoOLEGAL> accessed 20 October 2021

[3] Ken Paxton, ‘Help Prevent Identity Theft’ < Help Prevent Identity Theft | Office of the Attorney General (> accessed 21 October 2021

[4] Indian Penal Code 1860, s 378

[5] Indian Penal Code, s 417 cl A

[6] Information Technology Act 2000, s 43

[7] Information Technology Act 2000, s 66     

[8] Information Technology (Amendment) Act 2008, s 66

[9] Writ petition (Civil) No. 494 of 2012

[10] Information Technology Act 2000, s 69

Sign Up to Our Newsletter

Be the first to know the latest updates

Whoops, you're not connected to Mailchimp. You need to enter a valid Mailchimp API key.