Identity theft in India in 2022: How to recognise and prevent it

What is identity theft?

Identity theft is the practice of getting enough information about someone to impersonate them for some illegal purpose. 


Sometimes, professional hackers steal data on an industrial scale from a company or a government database. Alternatively, dishonest employees will use their privileged access to personal information to steal it and sell it. 


Unfortunately, identity theft happens on personal computers too.


If you become a victim of identity theft, cybercriminals can get access to your bank account, or they may even open new accounts in your name and proceed to run up credit at your expense. 


This can be a catastrophic and stressful experience. At best, you will have the problem  of having your money stolen. At worst, you could end up being arrested for criminal offenses committed in your name.

Identity theft in India: the numbers

The problem has been increasing exponentially in recent years. Over a million cybersecurity breaches were recorded in India in 2020, three times the number for the previous year.


The most notorious thefts of data in India have taken place in large corporations and government agencies.


These incidents happened in 2020/2021:


  • A security breach at an Air India server resulted in the sensitive data of 45,00,000 of its passengers over a ten-year period being leaked, including vital passport and credit card details.
  • According to the same resource, hackers stole the credit card data and fingerprints of 35 million users of the payment processor Juspay, commonly used on platforms such as Amazon and Swiggy. This was then put up for sale on the dark web for 5,000 USD.
  • Hackers stole 20,50,000 client records from the database of the brokerage company Upstox. This included account details of people who were trading in shares, mutual funds, and initial public offerings. 
  • Perhaps most embarrassingly for law enforcement, data for all 50,000 participants in a December 2019 police recruitment exam was stolen and put on sale. This included personal information that could be used to create false identification. 


Corporations are becoming more aware of the need for rigorous cybersecurity. They are encrypting their data with such facilities as a Surfshark VPN, and being more vigilant for corrupt employees who might sell access to their data.

Ways to protect yourself from identity theft

There are many ways of stealing a person’s data online. 


Some identity theft is beyond the victim’s control. 


This is where data is stolen without their knowledge or participation, either by hackers or dishonest employees. 


Other kinds of theft can be prevented with some simple precautions, particularly when you’re dealing with email.


Here are the ways you can protect yourself from identity theft.

If you’re on your personal computer

If you’re on your personal computer, follow this advice to avoid identity theft:


  • Never click on a suspicious link. It may contain spyware that will steal your data. 
  • If you get a message claiming to be from your bank or some company you have an account with, always check the address to ensure it’s genuine. Beware of fake email addresses that look almost like the real thing, perhaps with a word added, like
  • Beware of any email that tries to shock you into instant action, e.g. by telling you your bank account has been compromised. Carefully check the source. These emails are usually fraudulent.
  • If you have your own internet connection, get a VPN. This will make your communication unreadable to anyone who intercepts it.
  • If you don’t have your own internet connection, try to use that of a friend or family member. Avoid dealing with any sensitive data while using public Wi-Fi or internet cafés.
  • Log out of your account when you’re finished with your mail, to prevent unauthorized access.


For savvy fraudsters, email accounts are usually the gateway to people’s money or the data they need to access. Taking care of your account is the first step to safety.

If you’re dealing with financial institutions

Here’s what you need to do when dealing with financial institutions:


  • Check your bank account as often as you can, to spot any transactions not made by you.
  • If you have access to a secure internet connection, have your account details available to you online, so that you can check them as frequently as you wish.
  • Once your account is online, get your bank to stop contacting you by ordinary mail. This needlessly duplicates communication and doubles the risk of your data being stolen.
  • Remember, if you’re asked for your password, PIN, or one-time security code by phone or email, you’re dealing with a fraudster. 
  • Be sensible when it comes to passwords. Make sure you have a different one for every account, and they’re hard to guess. Store them separately from your computer. 
  • Consider signing up with a monitoring service that checks and notifies you of any financial activity in your name. 


Taking these precautions will go a long way to deprive the identity thieves of what they crave most, i.e. access to your money.

If you’re dealing with tech support of any kind

Here’s how to deal with tech support:


  • Check the web address of any site that provides a phone number for tech support. Fraudsters often pose as staff for global IT companies such as Google and Microsoft.
  • Never allow anyone to access your computer. Genuine tech staff will never need to do this, but it’s a favourite trick of fraudsters and identity thieves. They’ll use it to put spyware on your device and steal your passwords and financial data.
  • Always ignore pop-ups on your screen that tell you your computer is infected and you need to contact some company to get it fixed. This is always a scam, usually to steal your data.


Taking these precautions will eliminate many cyber threats, as the tech support trick is a much-loved means of access to people’s devices by scammers.

What if your identity is stolen?

If you find you have been a victim of identity theft, immediately contact your bank or whatever company is involved, and put a hold on all activity on your account. Then report it to the police. 


This is necessary even if the police take no action. You will need documentary evidence that you have filed a report in order to claim back any stolen money.

Concluding thoughts

Identity theft is, unfortunately, here to stay. To maintain and protect its international reputation, India needs to do all it can to safeguard the data of individuals and companies. 


It’s a matter of having a combination of the best technology and the best practices and limiting the damage when there is a security breach. Both individuals and corporations need to remain vigilant.


Latest news