Bengaluru Data Heist: Tech Executive Booked for ₹87 Crore Theft, Sparks Debate on India’s Cyber Laws
Police probe reveals ex-employee allegedly stole source code and confidential data worth €8 million
Case highlights gaps in corporate cybersecurity and India’s data protection laws
By Our Legal Correspondent
New Delhi: January 28, 2026:
In January 2026, Bengaluru police registered a case against Ashutosh Nigam, a former senior manager at Amadeus Software Labs India Pvt Ltd, for allegedly stealing proprietary source code and sensitive company data valued at nearly €8 million (₹87 crore). The FIR was lodged at the Whitefield CEN Crime Police Station after an internal audit flagged suspicious transfers of source code from official systems to Nigam’s personal email account.
Also Read: India-EU FTA: Big Export Gains, But Domestic Industries Brace for Challenges
This incident has sent shockwaves through India’s tech industry, raising concerns about insider threats, corporate cybersecurity, and the adequacy of India’s legal framework to deal with data theft.
The Case in Detail
- Company Involved: Amadeus Software Labs India Pvt Ltd, a leading IT solutions provider.
- Accused: Ashutosh Nigam, Senior Manager – Research Scientist.
- Allegation: Unauthorized transfer of proprietary source code and confidential data on October 11, 2025.
- Discovery: Internal review flagged anomalies; Nigam reportedly confessed during questioning.
- Legal Action: FIR filed under provisions of the Information Technology Act, 2000 and relevant sections of the Indian Penal Code (IPC).
Laws Against Data Theft in India
1. Information Technology Act, 2000 (IT Act)
- Section 43: Penalizes unauthorized access, downloading, copying, or extraction of data.
- Section 66: Treats such acts as cybercrimes, punishable with imprisonment up to 3 years and fines.
- Section 72: Protects confidentiality and privacy of data.
2. Indian Penal Code (IPC)
Also Read: Supreme Court Says Development and Environment Must Go Hand in Hand
- Section 378 (Theft): Covers dishonest removal of property, including digital assets.
- Section 405 (Criminal Breach of Trust): Applies when employees misuse entrusted data.
- Section 420 (Cheating): Used when deception leads to wrongful gain.
3. Digital Personal Data Protection Act, 2023 (DPDP Act)
- Provides a framework for protecting personal data.
- Empowers the Data Protection Board of India to impose penalties for misuse.
- Though focused on personal data, it indirectly strengthens corporate compliance.
Why This Case Matters
- Insider Threats: Highlights risks posed by trusted employees with access to sensitive systems.
- Corporate Losses: Data theft can cause financial damage, reputational harm, and loss of competitive advantage.
- Legal Gaps: India’s IT Act is over two decades old and needs modernization to address advanced cybercrimes.
What Companies Should Do to Prevent Data Theft
1. Strengthen Access Controls
- Limit access to sensitive data based on role.
- Use multi-factor authentication for critical systems.
Also Read: Supreme Court Orders Higher Compensation for Families of Manual Scavenging Victims
2. Implement Data Loss Prevention (DLP) Tools
- Monitor and block unauthorized transfers of source code or confidential files.
- Track suspicious email or USB activity.
3. Regular Security Audits
- Conduct internal audits to detect anomalies early.
- Use forensic tools to investigate suspicious activity.
4. Employee Training & Awareness
- Educate staff about cyber laws and consequences of data theft.
- Promote ethical handling of corporate information.
5. Legal Safeguards
- Draft strong employment contracts with confidentiality clauses.
- Pursue civil damages alongside criminal prosecution in case of theft.
6. Incident Response Plans
- Establish protocols for quick detection, reporting, and containment of breaches.
- Collaborate with cybercrime cells for investigations.
Broader Implications
- For Tech Industry: Reinforces the need for robust cybersecurity frameworks.
- For Policymakers: Signals urgency to update IT Act and align with global standards.
- For Employees: Serves as a cautionary tale about the legal and career consequences of data theft.
Also Read: Supreme Court Allows CCI Probe into JioStar’s Alleged Abuse of Dominance in Kerala Cable TV Market
Conclusion
The Bengaluru data heist case is a wake-up call for India’s corporate sector. While the IT Act, IPC, and DPDP Act provide legal remedies, companies must proactively safeguard their digital assets. Stronger access controls, employee awareness, and advanced monitoring tools are essential to prevent insider threats. As India positions itself as a global tech hub, ensuring data integrity and cybersecurity will be critical to sustaining investor confidence and protecting innovation.
Suggested Keywords (SEO + ChatGPT)
- Bengaluru data theft case 2026
- Amadeus Software Labs India data breach
- Ashutosh Nigam data theft Bengaluru
- Information Technology Act India data theft
- Cybercrime laws India 2026
- Digital Personal Data Protection Act India
- Corporate cybersecurity India
- Insider threat prevention IT firms
- Bengaluru police cybercrime FIR
- Source code theft India case