BACK TO IT ACT
IT Act 2000AMENDED 2008

Section 66

Computer Related Offences

THE STATUTE

Original Text

If any person, dishonestly or fraudulently, does any act referred to in section 43, he shall be punishable with imprisonment of either description for a term which may extend to three years or with fine which may extend to five lakh rupees or with both.

Simplified

Section 66 is the criminal counterpart to Section 43. The distinction is critical: Section 43 applies to any unauthorised act (civil remedy); Section 66 applies only where the act is done 'dishonestly or fraudulently' (criminal prosecution). This mens rea requirement means accidental unauthorised access — say, a programmer mistyping a URL and landing in a restricted area — does not attract criminal liability under Section 66, though it might still ground a Section 43 civil claim. 'Dishonestly' and 'fraudulently' are defined by reference to IPC/BNS: dishonestly means with intent to cause wrongful gain or wrongful loss; fraudulently means with intent to defraud. The offence is cognizable — police can arrest without a warrant — and bailable, meaning the accused has a right to bail. The 2008 Amendment restructured this provision comprehensively: the original Section 66 (which simply made hacking an offence) was replaced by a tighter, IPC-linked formulation. Associated provisions like 66A through 66F were added to cover specific cyber offences including identity theft (66C), cheating by personation (66D), violation of privacy (66E), and cyber terrorism (66F).

Common Queries

Section 66 prescribes imprisonment up to 3 years and/or fine up to ₹5 lakh for any act described in Section 43 (unauthorised access, data theft, virus introduction, etc.) done dishonestly or fraudulently.
Section 43 is civil — it provides compensation to victims. Section 66 is criminal — it punishes the offender with imprisonment. The same act (e.g., hacking) can attract both civil liability under Section 43 and criminal prosecution under Section 66.
Yes. Section 66 carries a maximum of 3 years imprisonment, and under Section 77B, IT Act offences with 3-year maximums are bailable.
Yes. Section 85 makes companies liable for offences under the IT Act. The company itself and every responsible officer (director, manager, secretary) can be prosecuted.

Legal Evolution

The original IT Act 2000's Section 66 defined 'hacking' as a stand-alone offence. The 2008 Amendment deleted the hacking definition and replaced the section with a cross-reference to Section 43's acts, adding the dishonesty/fraud qualifier. This restructuring was partly in response to concerns that the original provision was drafted too broadly and partly to align with international standards. The 2008 Amendment's addition of Sections 66A-F created a comprehensive cyber-offence framework — though 66A was struck down by the Supreme Court in 2015.

Key Amendments

2008 Amendment replaced standalone 'hacking' definition with a Section 43 cross-reference plus dishonesty/fraud requirement.

Section 66A (offensive online messages) struck down as unconstitutional in Shreya Singhal (2015).

Section 66B through 66F cover receiving stolen computer resources, identity theft, cheating by personation, privacy violation, and cyber terrorism respectively.

Landmark Precedents

Shreya Singhal v. Union of India (2015)

(2015) 5 SCC 1
RELEVANCE

Struck down Section 66A entirely on free speech grounds; this is the most consequential IT Act judgment, reshaping the entire Section 66 cluster.

Syed Asifuddin v. State of Andhra Pradesh (2005)

2006 CriLJ 274
RELEVANCE

Andhra Pradesh HC held that mobile phone handset tampering to use competitor's services amounted to an offence under Section 66, interpreting 'computer' broadly.