Identity Theft
Fraudulently or dishonestly using another person's electronic signature, password, or unique identification feature — an offence under Section 66C of the IT Act.
Full Definition
Section 66C of the IT Act specifically criminalises identity theft in the digital context: whoever, fraudulently or dishonestly, makes use of the electronic signature, password, or any other unique identification feature of any other person shall be punishable. This covers: using someone else's login credentials, duplicating their digital signature, using a stolen Aadhaar number or PAN for authentication, and exploiting leaked biometric data. Identity theft under 66C is closely related to cheating by personation under 66D (using a computer resource to impersonate another for fraudulent gain). The two often arise together in SIM-swap fraud, phishing, and online banking fraud cases.
In Indian Law
IT Act Section 66C: imprisonment up to three years and fine up to ₹1 lakh. Often charged alongside Section 66D (cheating by personation using computer resources) and IPC Section 420 (cheating). High-profile cases include SIM-swap scams where attackers ported victims' numbers and drained bank accounts — the perpetrators were charged under Sections 66C, 66D, and 420 IPC. The DPDP Act 2023 adds a data protection overlay: misuse of a person's personal data to impersonate them may also attract DPDP penalties.
Related Legal Sections
Frequently Asked Questions
Is using someone else's OTP to log into their bank account identity theft under the IT Act?
Yes. An OTP is a 'unique identification feature' under Section 66C. Using another person's OTP without their consent to access their account is identity theft, punishable with up to three years' imprisonment and a fine.