May 25,2023 | 11 min read




Identity theft is indeed a serious cybercrime that involves the unauthorized acquisition and use of someone else's personal information for fraudulent purposes. It occurs when a person's personally identifiable information (PII), such as their name, social security number, financial account details, or passwords, is stolen and misused by an individual or group.


Cybercriminals employ various techniques to carry out identity theft, including:


Phishing: This method involves sending deceptive emails, messages, or websites that mimic legitimate organizations to trick individuals into revealing their sensitive information.


Data breaches: When organizations experience a security breach, hackers can gain unauthorized access to databases containing valuable personal information of their customers or users.


Social engineering: In social engineering attacks, cybercriminals manipulate individuals through psychological manipulation to divulge confidential information.


Malware: Malicious software, such as keyloggers or spyware, can be used to track a person's keystrokes, steal login credentials, or capture personal data.


After accessing the Personal Information


Once the perpetrator obtains the victim's personal information, they can engage in various fraudulent activities, including:


Financial fraud: This involves using stolen information to make unauthorized purchases, apply for loans or credit cards, or empty bank accounts.


Identity cloning: Cybercriminals may assume the victim's identity to open new financial accounts, rent properties, or conduct illegal activities.


Tax fraud: The thief might use the stolen information to file fraudulent tax returns and claim refunds.


Medical identity theft: Personal details can be used to obtain medical services, prescription drugs, or submit false insurance claims.


Employment fraud: Criminals may use someone's identity to gain employment or obtain government benefits.


India and the crime of Identity Theft 


In India, identity theft is considered a serious offense, and there are several laws and regulations in place to address and penalize such cybercrimes. The primary legislation related to identity theft and data protection in India is the Information Technology Act, 2000 (IT Act), which was amended in 2008 to strengthen provisions for addressing cybercrimes. Here are the key provisions and laws related to identity theft in India:


Information Technology Act, 2000: The IT Act provides the legal framework for addressing cybercrimes, including identity theft. Relevant sections under the IT Act include:


a. Section 43: This section deals with unauthorized access, downloading, or extraction of data, including personal information, and imposes penalties for such actions.


b. Section 66C: It deals specifically with identity theft and makes it an offense to fraudulently use another person's identity electronically.


c. Section 66D: This section addresses cheating by impersonation using a computer resource and imposes penalties for such offenses.


d. Section 72 and Section 72A: These sections protect the privacy and confidentiality of personal information and impose penalties for unauthorized disclosure or misuse of such information.


Indian Penal Code, 1860: The Indian Penal Code contains provisions that can be applied to identity theft cases. Some relevant sections include:

a. Section 419: This section deals with cheating by impersonation and imposes penalties for fraudulent impersonation.


b. Section 420: It deals with cheating and dishonestly inducing delivery of property and can be applied to cases of identity theft involving financial fraud.


Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016: The Aadhaar Act regulates the collection, storage, and usage of Aadhaar numbers, which are unique identification numbers issued to Indian residents. It includes provisions for protecting the privacy and security of Aadhaar-related information and imposes penalties for unauthorized access or misuse.


Apart from these laws, various guidelines and regulations have been issued by government agencies such as the Reserve Bank of India (RBI) and the Ministry of Electronics and Information Technology (MeitY) to ensure data protection, secure online transactions, and prevent identity theft.


Identity Theft and the World


It is a significant cybercrime that occurs on a global scale, affecting individuals, businesses, and governments across various countries. Here's a global perspective on identity theft as a cybercrime:


United States: Identity theft is a widespread problem in the United States. The country has specific legislation to address identity theft, such as the Identity Theft and Assumption Deterrence Act (ITADA) and the Identity Theft Penalty Enhancement Act (ITPEA). The Federal Trade Commission (FTC) plays a crucial role in combating identity theft and provides resources to assist victims.


European Union: The European Union has taken steps to address identity theft and protect individuals' personal information. The General Data Protection Regulation (GDPR) establishes strict rules for the handling and processing of personal data, including measures to prevent unauthorized access and data breaches. Member states also have their own legislation to combat identity theft and cybercrimes.


Canada: Canada has laws in place to address identity theft, including the Criminal Code of Canada. The country has also established the Canadian Anti-Fraud Centre (CAFC) as a central agency to receive complaints and provide information to help combat identity theft and other types of fraud.


Australia: In Australia, identity theft is a growing concern. The country has enacted laws to combat identity-related crimes, such as the Crimes Act 1914 and the Privacy Act 1988. The Australian Cyber Security Centre (ACSC) provides guidance and resources to individuals and organizations to protect against identity theft and other cybercrimes.


United Kingdom: The United Kingdom has legislation to address identity theft, such as the Fraud Act 2006 and the Data Protection Act 2018. The Information Commissioner's Office (ICO) is responsible for enforcing data protection laws and promoting good information-handling practices.


Other Countries: Identity theft is a global issue, and many other countries have enacted laws and regulations to combat it. These include countries like Japan, Singapore, Brazil, and South Africa, among others. Additionally, international cooperation and collaboration among law enforcement agencies and cybersecurity organizations play a vital role in combating cross-border identity theft and cybercrimes.


Efforts to combat identity theft globally include raising awareness among individuals and businesses about preventive measures, enhancing cybersecurity practices, implementing stricter data protection regulations, and facilitating international cooperation in investigations and information sharing.




Identity theft can have severe consequences for victims, including financial loss, damage to credit scores, legal issues, and emotional distress. To protect yourself from identity theft, it is crucial to safeguard your personal information, be cautious of phishing attempts, use strong and unique passwords, regularly monitor financial accounts, and keep your devices and software updated with the latest security patches. Additionally, promptly reporting any suspected identity theft to the relevant authorities and financial institutions is essential to mitigate the damage and prevent further harm.


It's important to note that the specific laws, regulations, and approaches to combat identity theft may vary from country to country. It's advisable to consult the relevant laws and regulations in your jurisdiction for accurate and up-to-date information.


Need Free Legal Advice or Assistance Online?

For any Cyber Laws related matter, please Post Your Requirement anonymously and get free proposals OR find the Best Cyber Laws Lawyers and book a free appointment directly.












Nidhi Mathur

Lawgical Associates deals in matters pertaining to Sexual Harassment, Consumer Protection laws, Employment & Labour Laws, IPR, Startups Advisory, HR Advisory, White Collar Crime & Fraud Investigation, Family Law & Divorce matters, Real Estate, Regulatory Affairs & Compliances, Social Sector/NGOs, Start-up’s, Healthcare, White Collar Crime & Fraud Investigation, Environmental Laws, M&A /Private Equity, HR Advisory and General Corporate Advisory.