In a rare instance of corporate accountability in a cyber fraud case, the Adjudicating Officer of Gujarat has ordered ICICI Bank and Vodafone Idea Limited to compensate a company that lost ₹1.19 crore in a SIM swap fraud. The decision, delivered on July 31, 2025, follows a detailed investigation by Ahmedabad City Cyber Crime Police, which uncovered a sophisticated scheme involving forged communication, compromised telecom processes, and swift bank withdrawals.
The case began between the night of March 11 and 12, 2023, when an email, purportedly from the victim company, was sent to Vodafone Idea requesting a SIM card replacement. The request, later confirmed to be fraudulent, was processed without the knowledge of the company’s genuine representatives.
FCRF Launches India’s Premier Certified Data Protection Officer Program Aligned with DPDP Act
With the company’s phone number compromised, fraudsters gained control over one-time passwords (OTPs) linked to its ICICI Bank account, siphoning off ₹1,19,37,000. The scheme was executed before the victim detected the network outage.
Investigation Unravels Network of Conspirators
The FIR was registered under IPC Sections 406, 420, and 120B, along with Sections 66(C) and 66(D) of the Information Technology Act. Police Inspector M.R. Pardva, who led the investigation, traced the fraud to West Bengal, where six accused were arrested. The group included bank account holders, a SIM provider, the email account user, and a Vodafone store manager. Technical and documentary evidence was compiled into a chargesheet, establishing the chain of events and the role of each accused.
Parallel to the criminal case, the victim company filed Civil Complaint No. 1/2023 before the Adjudicating Officer, seeking recovery of losses from the intermediaries involved. During hearings, the investigation officer presented evidence linking operational lapses to the fraud.
The final order classified ICICI Bank and Vodafone Idea Limited as “intermediaries” and held them liable. ICICI Bank was directed to pay ₹10 lakh as a penalty and ₹1.05 crore as compensation. Vodafone Idea Limited was fined ₹5 lakh. Both were given six weeks to make payments and six months to audit and fix internal security gaps.
Cybersecurity experts have hailed the ruling as a precedent-setting decision, highlighting that victims of such frauds can pursue remedies beyond police complaints by approaching the adjudicating authorities under the IT Act.