India has one of the largest and fastest-growing internet user bases in the world, with over 900 million internet users as of 2026. While the digital revolution has transformed the way we communicate, work, bank, shop, and access government services, it has also created vast new opportunities for criminals. Cyber crime — criminal activity carried out using computers, the internet, or other digital technologies — has seen an alarming rise in recent years. From phishing scams and data breaches to cyberstalking and online fraud, the threats are real and evolving rapidly. In this comprehensive guide, the cyber law experts at Your Justice explain the legal framework governing cyber crimes in India, the types of cyber crimes, their penalties, and how to protect yourself.
The Information Technology Act, 2000 (IT Act)
The Information Technology Act, 2000, is India's primary legislation dealing with cyber crime and electronic commerce. Enacted to provide legal recognition for electronic transactions and to facilitate e-governance, the IT Act was significantly amended in 2008 (IT Amendment Act, 2008) to address the growing threat of cyber crimes more effectively.
The IT Act applies to any offence or contravention committed outside India by any person, if the act or conduct constituting the offence involves a computer, computer system, or computer network located in India. This extraterritorial application is crucial in dealing with the inherently borderless nature of cyber crimes.
Key features of the IT Act include:
• Legal recognition of electronic records and digital signatures
• Regulation of certifying authorities for electronic signatures
• Definition and penalties for various cyber offences
• Establishment of cyber appellate tribunals
• Provisions for intermediary liability and safe harbor protections
• Framework for data protection and privacy (complemented by the DPDPA 2023)
Types of Cyber Crimes and Their Penalties
1. Hacking (Section 66 of IT Act)
Hacking refers to unauthorized access to a computer system, network, or data. Under the IT Act, if any person dishonestly or fraudulently accesses a computer resource without the permission of the owner, or downloads, copies, or extracts any data, it constitutes hacking.
Penalty: Imprisonment up to 3 years and/or fine up to Rs. 5 lakh. If the hacking is committed with the intent to cause damage or to access protected systems (like government networks or critical infrastructure), the penalties are significantly higher — up to 10 years imprisonment and a fine up to Rs. 1 crore under Section 66F (cyber terrorism).
2. Phishing and Online Fraud (Section 66C & 66D)
Phishing involves creating fake websites, emails, or messages that mimic legitimate entities (such as banks, government agencies, or e-commerce platforms) to trick victims into revealing sensitive information like passwords, credit card numbers, or OTPs. Under the IT Act:
• Section 66C (Identity Theft): Fraudulent use of another person's electronic signature, password, or unique identification feature. Penalty: Imprisonment up to 3 years and fine up to Rs. 1 lakh.
• Section 66D (Cheating by Personation): Using a computer resource to cheat by impersonating another person. Penalty: Imprisonment up to 3 years and fine up to Rs. 1 lakh.
Additionally, the Bharatiya Nyaya Sanhita (BNS) 2023, which has replaced the Indian Penal Code, contains provisions for cheating (Section 318) and fraud that apply to online fraud cases alongside the IT Act provisions.
3. Identity Theft (Section 66C)
Identity theft is one of the fastest-growing cyber crimes in India. It occurs when someone steals another person's personal information — such as Aadhaar number, PAN card details, bank account credentials, or digital identity — and uses it for unauthorized purposes including financial fraud, impersonation, or creating false documents.
Penalty: Under Section 66C, imprisonment up to 3 years and fine up to Rs. 1 lakh. Additionally, if the identity theft leads to financial loss, the victim can pursue civil remedies for compensation and the accused may face additional charges under the BNS for cheating and fraud.
4. Cyberstalking and Online Harassment (Section 354D BNS & Section 67 IT Act)
Cyberstalking involves repeatedly following, monitoring, or contacting a person through digital means with the intent to harass, intimidate, or threaten. Online harassment includes sending offensive messages, posting defamatory content, morphing images, and non-consensual sharing of intimate content.
Penalty: Under the BNS, stalking is punishable with imprisonment up to 3 years for the first offence and up to 5 years for subsequent offences. Under Section 67 of the IT Act, publishing or transmitting obscene material in electronic form is punishable with imprisonment up to 3 years and fine up to Rs. 5 lakh on first conviction and up to 5 years and Rs. 10 lakh on subsequent convictions. Section 66E (Violation of Privacy) deals with capturing and publishing images of private areas without consent — punishable with up to 3 years imprisonment and fine up to Rs. 2 lakh.
5. Data Theft and Breach of Confidentiality (Section 43 & 72)
Data theft involves unauthorized access, copying, downloading, or extraction of data from a computer system or network. This is particularly relevant for businesses and organizations that handle sensitive customer data, trade secrets, and proprietary information.
Penalty: Under Section 43, compensation up to Rs. 5 crore can be awarded to the affected party. Section 72 deals with breach of confidentiality and privacy by a person who has secured access to electronic records under the IT Act — punishable with imprisonment up to 2 years and/or fine up to Rs. 1 lakh. Under the Digital Personal Data Protection Act (DPDPA) 2023, data fiduciaries who fail to protect personal data can face penalties up to Rs. 250 crore.
6. Cyber Terrorism (Section 66F)
Cyber terrorism involves accessing a protected computer system with the intent to threaten the unity, integrity, sovereignty, or security of India, or to strike terror in the people. This includes hacking into government networks, defense systems, critical infrastructure, and financial institutions with malicious intent.
Penalty: Imprisonment which may extend to life imprisonment. This is the most severe penalty under the IT Act, reflecting the gravity of cyber terrorism.
7. Publishing Obscene Content (Section 67, 67A, 67B)
The IT Act has specific provisions dealing with the publication of obscene, sexually explicit, and child pornographic content online:
• Section 67: Publishing obscene material — up to 3 years and Rs. 5 lakh fine (first offence)
• Section 67A: Publishing sexually explicit material — up to 5 years and Rs. 10 lakh fine (first offence)
• Section 67B: Publishing child sexual abuse material — up to 5 years and Rs. 10 lakh fine (first offence), up to 7 years and Rs. 10 lakh (subsequent offences). This section also criminalizes online grooming of children.
How to Report Cyber Crimes in India
If you have been a victim of cyber crime, prompt reporting is essential. Here are the steps:
Step 1: Report on the National Cyber Crime Reporting Portal
The Government of India has established the National Cyber Crime Reporting Portal (cybercrime.gov.in) where you can file cyber crime complaints online. The portal categorizes complaints into two types: financial frauds (for immediate response) and other cyber crimes. For financial fraud, you can also call the Cyber Crime Helpline at 1930 for immediate assistance.
Step 2: File an FIR at the Local Police Station
You can file a First Information Report (FIR) at any police station, as cyber crime complaints are cognizable. Many cities, including Chandigarh, have dedicated Cyber Crime Police Stations or Cyber Cells that specialize in investigating digital offences. Provide all relevant evidence including screenshots, transaction records, email headers, URLs, and chat logs.
Step 3: Preserve Evidence
Digital evidence is crucial for cyber crime investigations. Do not delete any messages, emails, or records. Take screenshots with timestamps, save transaction details, and preserve any digital communications related to the crime. Evidence can be easily tampered with or lost, so immediate preservation is critical.
Step 4: Contact Your Bank (for Financial Fraud)
If you have suffered financial loss due to a cyber crime, immediately contact your bank to block the compromised account, card, or UPI ID. Report the unauthorized transaction to the bank in writing within three working days to maximize your chances of getting a refund under the RBI's circular on limiting liability of customers in unauthorized electronic banking transactions.
Role of Cyber Police in India
India has developed a multi-layered structure for dealing with cyber crimes:
• Indian Cyber Crime Coordination Centre (I4C): An initiative by the Ministry of Home Affairs to provide a framework for law enforcement agencies to deal with cyber crimes in a comprehensive and coordinated manner.
• State Cyber Crime Cells: Each state has established dedicated cyber crime investigation units staffed with technically trained officers.
• CERT-In (Indian Computer Emergency Response Team): The national nodal agency for responding to computer security incidents. CERT-In issues alerts and advisories, conducts vulnerability assessments, and coordinates cyber incident responses.
• Cyber Crime PS: Major cities including Delhi, Mumbai, Bangalore, Hyderabad, and Chandigarh have dedicated Cyber Crime Police Stations.
How Your Justice Can Help
At Your Justice, our cyber law experts have extensive experience in handling cyber crime matters — both defending those who have been falsely accused and pursuing justice for victims of cyber crimes. Here's how we can assist:
• Victim Representation: We help cyber crime victims file effective complaints, preserve evidence, and pursue legal remedies including compensation and criminal prosecution of the offenders.
• Defense in Cyber Crime Cases: If you have been wrongfully accused of a cyber crime, our advocates provide aggressive and strategic defense representation.
• Data Protection Advisory: We advise businesses on compliance with the IT Act, DPDPA 2023, and other data protection regulations to prevent data breaches and minimize legal liability.
• Intermediary Liability: We assist online platforms and service providers in understanding and complying with safe harbor provisions and intermediary guidelines under the IT Act.
• Corporate Cyber Security Legal Advisory: We provide legal guidance to organizations on developing cyber security policies, incident response plans, and data breach notification protocols.
• Litigation Before Cyber Tribunals: We represent clients in proceedings before adjudicating officers and the Cyber Appellate Tribunal for claims and compensation under the IT Act.
If you are dealing with a cyber crime issue — whether as a victim or an accused — contact Adv. Varsha at +91-9872747708 or email Yourjusticeindia@gmail.com for expert legal help.