Hacking Data Theft Attract Offences Under IPC Also, Not Just Information Technology Act: SC

Key Takeaways

• In a case of hacking and data theft, the Supreme Court stated that, in addition to the penal provisions of the IT Act, offences under the IPC will be attracted as well.
• The case arose from a FIR filed on behalf of one TCY Learning Solutions Pvt. Ltd. on October 20, 2020 at the Punjab State Cyber Crime Police Station.
• They alleged that some of its ex-employees (the co-accused) had copied/ stolen data/ source code related to the Complainant Company's software and transferred it to one Exoways Web Technologies Private Limited, the company.

Case at Hand

• According to the High Court's impugned order of March 17, the brief details culled from the FIR are that M/s TCY Learning Solutions Private Limited (complainant-company) is a pioneer in the field of education technology and test preparation, including classroom and online coaching. The company has been in existence for over a decade and has created its own applications for educational purposes.
• The Single Bench noted that the Petitioner No.1 before the HC (Ramandeep Singh, who is also the co-founder and director of Exoways) had joined the Complainant-Company in February, 2015 as Deputy Manager Marketing and subsequently resigned to form a Companion Company with Jagjit Singh (petitioner No.2; the SLP petitioner before the SC) and one Rupinder Singh in the year 2018 and formed a Companion Company with Jagjit Singh Via its website 'fourmodules.com,' the organisation also provides English language training modules for students and coaching centres for English language test preparations such as IELTS.
• Also, there was a leak of the plaintiff company's software—the complainant learned from the industry that a company with the brand name "Fourmodules.in/Fourmodules.com" was delivering software of a similar look and usage as the complainant.

Further Details

• "As a result, in order to prevent employee fraud, the plaintiff developed a phony client database of phony email addresses. The aforementioned data was posted on the company's server, and staff of the company had access to it. The claimant was taken aback when it got a promotional email from Fourmodules.in/Fourmodules.com on an email ID that was false and purposefully used in the fake client data that was posted on the company's server. The aforementioned Email ID was never seen somewhere else. It was developed to discover the source of the leak in the complainant's business. The aforementioned data/email ID was posted on the company's server and access to it was restricted to a select few, one of whom was accused No. 1 (Rahul Nagpal; ex-employee of the plaintiff company). "The complainant investigated and discovered that the programme used by the accused persons were based on the complainant's source codes," the High Court said.
• When the complainant-company discovered that the web programmes used by the accused people were similar to the files of the complainant-company, it received a forensic report from one M/s Webrosoft Solution Pvt. Ltd., which matched the complainant's files with the Fourmodules.in/Fourmodules.com.
• According to the Webrosoft Report, it accessed 10 files for comparison from https://www.tcyonline.com and https://www.fourmodules.in, the websites of the Complainant Company and Exoways Web Technologies, respectively, and reported that these 10 files used several identical files, similar formats, and so on. An inquiry was undertaken based on the complaint received from the plaintiff firm, and hence the above-mentioned FIR was reported.
• The vacation bench of Justices Dinesh Maheshwari and Aniruddha Bose was examining an SLP against the High Court of Punjab and Haryana's March order dismissing the petitioner's anticipatory bail plea in connection with a FIR under sections 406 (criminal breach of trust), 408 (criminal breach of trust by clerk or servants in respect of property entrusted to him), 379 (theft), 381 (theft by clerk or servant of property in possession of master), 120-B, and 34 of the IPC, as well as Sections 43 (damage to machine, computer system, etc. ), 66 (computer related offences), and 66-B (dishonestly obtaining stolen computer assets or communication device) of the IT Act, 2000. The FIR alleges information hacking, unauthorised database and source code copying, among other offences.
• In a case of hacking and data theft, the Supreme Court stated that, in addition to the penal provisions of the IT Act, offences under the IPC will be attracted as well.

What is your say on this case?