The London police team investigating the case of UK Banks' data theft from Indian BPOs involving Karan Bahree has said the customer information contained in the computer disc is genuine.
"I can confirm that the bank customer details contained within the computer disc allegedly sold to the Sun newspaper by Karan Bahree, and later handed to the London police, are genuine," a London police official investigating the case said.
The London police is now working to ensure that no fraudulent activities take place on the compromised accounts, and is trying to establish the point of compromise for the data.
"We are being assisted in this task by Superintendent Kulwinder Singh of the Indian police," the official said.
The Sun tabloid reported that it had obtained account numbers, secret passwords, bank card details, and other personal details of 1,000 British Bank customers by paying $5,000 to Bahree.
While declining to comment on the progress at the Indian end, Kulwinder Singh said, "London police has told us that they have all the proof in their possession."
If the stolen data is genuine then the London police would easily be able to find out where the data was compromised in India by examining the BPOs to which the banks had outsourced the processes, he added.
Legal experts have pointed to the loopholes in the Indian Information Technology Act, and said even if the data theft is proved to have been done by Bahree, Indian laws do not treat this as a criminal offence, further, the civil liability under section 43 of the Act is up to Rs 1 crore (Rs 10 million), while the data stolen may have economic repercussions far higher.
"The IT Act is ambiguous on whether data theft is actually an offence or a contravention," said Vaibhav Parikh of Nishith Desai and Associates
This assumes importance, as last week a member of the London police investigating the case had said "as the data is alleged to have been sold on Indian soil, the Indian authorities will follow up the case to verify whether the allegations are true."