New Delhi: Delhi Police has registered an FIR following a complaint from the Central Board of Indirect Taxes and Customs (CBIC) regarding a significant breach of sensitive data from critical information infrastructure and protected systems, including the ICEGATE portal. The stolen data was reportedly sold online and further offered for sale by approximately 70 websites.
Investigation and Findings
As part of their investigation, CBIC officials conducted a clandestine operation by purchasing sample datasets from various platforms. The analysis confirmed that the data was authentic and matched official government records. Consequently, a joint director of CBIC filed a formal complaint with the police.
Sources indicate that investigators are probing an insider involvement, alongside potential economic espionage. The role of a disgruntled customs official is under scrutiny, and several individuals have been questioned in connection with the breach.
Nature of the Breach
The FIR reveals that highly sensitive trade data, including pricing details, supplier relationships, and sourcing patterns, was illegally extracted and offered for commercial sale online by numerous entities worldwide. The targeted systems are designated as critical information infrastructure under the IT Act, specifically the ICEGATE and ECCS portals used by importers and exporters for filing official documents.
According to the FIR, investigators identified 70 websites operating across Indian, Chinese, and other international jurisdictions that were monetizing the stolen government data. To verify the leak's authenticity, CBIC officials set up undercover accounts and purchased sample datasets from several platforms.
The analysis showed that while the data format headers had been altered, the actual content perfectly matched official government records. Authorities have warned that the dissemination of this economic intelligence allows competitors to undercut Indian exporters, distorts fair market discovery, and poses a systemic risk to national economic security.
Legal Provisions Invoked
The case has been registered under several stringent provisions, including Section 135A of the Customs Act for unauthorized disclosure of information and multiple sections of the Information Technology Act, 2000. Additionally, police have invoked Sections 318(4) and 61(2) of the Bharatiya Nyaya Samhita to investigate criminal conspiracy and wrongful loss caused to the state.
Given the sensitivity of the breach, officers have declined to share further details. The investigation is focusing on tracing financial trails, identifying data exfiltration vectors, and examining the role of any internal vendor or contractor, sources said.
