An investigation has uncovered a thriving illegal market in Madhya Pradesh where private detective agencies are selling sensitive personal data, including call details and bank balances. These agencies claim to access private information for a wide range of targets, from high-ranking IAS officers and politicians to private individuals, for fees ranging between 20,000 and 1.85 lakh rupees. This clandestine industry operates in the shadows of the digital age, exploiting systemic vulnerabilities to monetize the private lives of citizens. The sheer scale of the operation suggests a deeply rooted network that bypasses traditional security protocols with alarming ease, raising significant concerns about the safety of personal information in an increasingly connected world.
Sting operations expose illegal data syndicate
Reporters conducted sting operations on multiple firms to expose the depth of the trade. During these encounters, agency operators admitted to providing Call Detail Records (CDR), real-time locations, and banking transactions. They claimed to have insiders within telecom companies and banks who provide direct server access. One operator even boasted of having a family member at a high ranking police level to facilitate these illegal requests, asserting that such data can be procured within two to three days. The ease with which these individuals offered to breach privacy indicates a lack of fear regarding law enforcement. By posing as potential clients seeking information on public officials, the investigative team was able to document the standard operating procedures of these digital mercenaries. The revelation that insiders within regulated industries are actively collaborating with these agencies points to a massive failure in internal auditing and employee background verification processes across the banking and telecommunications sectors.
FCRF Launches Premier CISO Certification Amid Rising Demand for Cybersecurity Leadership
Sophisticated pricing for private information
The investigation revealed a structured pricing model for various illegal services. One agency charged 1.20 lakh rupees for six months of call details for three individuals, while another quoted 35,000 rupees for the same period. Additional costs are applied for specialized data: 15,000 rupees for bank statement analysis and 10,000 rupees for TDS and banking return details. Despite the high costs, the operators openly admitted that this information is entirely illegal and cannot be used as evidence in a court of law or reported to the police. This price list effectively places a bounty on the privacy of any individual, provided the buyer has the financial means. The market for this data appears to be driven by various motives, ranging from political espionage and business rivalry to personal vendettas. The existence of a “package deal” for comprehensive surveillance suggests that these agencies have standardized the process of identity theft and data intrusion, turning it into a professional service for those willing to pay the premium
Severe legal consequences for data breaches
Legal experts and industry leaders have flagged these activities as a massive threat to national security and a direct violation of constitutional rights. S.V. Jagga, Chairman of the Association of Detectives and Investigators (ADAI), noted that extracting CDR without legal authorization is a grave offense under the Indian Telegraph Act and the IT Act. Such actions constitute a violation of the Right to Privacy under Article 21 of the Indian Constitution. Under current laws, those involved in these data breaches can face up to three years in prison and fines ranging from 1 lakh to 2 crore rupees. The legal framework is designed to protect citizens from exactly this type of unauthorized intrusion, yet the enforcement gap remains wide. Experts argue that without a more robust mechanism to track and prosecute the end-to-end chain of data theft, including the corrupt insiders and the private agencies, the illegal market will continue to flourish. The current findings serve as a stark reminder that the digital infrastructure governing our financial and social lives requires more than just technical encryption; it requires a culture of accountability and strict legal oversight to prevent the commodification of private data.
