A sting operation has uncovered a network of so-called detective agencies allegedly selling highly sensitive personal data, including call detail records, bank transactions and tax information, pointing to what experts describe as a serious systemic breach in India’s telecom and banking infrastructure.
Sting Reveals Open Market for Private Data
According to the findings, reporters contacted Mukesh Tomar and Yogesh Bhelwal of an outfit identified as ‘Indore Detective Service’ using a fabricated case involving a female Tehsildar allegedly framed in a corruption case. The reporters claimed that an IAS couple and intermediaries had extorted ₹30 lakh and disappeared.
The contact did not question the authenticity of the story and instead offered access to phone numbers, location data, call records and related personal information. He is said to have asked whether the data concerned a wife, girlfriend, business partner or even a politician, and offered six months of call records along with TDS and bank account details.
Within minutes, sample data was allegedly shared and the offer widened to include banking transactions, tracing of financial flows, identification of linked accounts, mapping of communication networks, tracking movement through location data, and identifying associates and supporters. The contact also claimed the ability to recover deleted mobile data.
FCRF Launches Premier CISO Certification Amid Rising Demand for Cybersecurity Leadership
Structured Pricing and Admission of Illegality
The operation suggested an organised commercial structure rather than isolated misconduct. A formal invoice was later sent via WhatsApp, listing charges of ₹1.2 lakh for six months of call records for three individuals, ₹15,000 for bank statements and transaction analysis, ₹10,000 for TDS and tax-related data, and ₹40,000 as core investigation fees. The total package was priced at ₹1.85 lakh and marked as non-negotiable.
A second contact, identified as Aniket, confirmed that such services were illegal and could not be used in court, yet still offered to deliver one month of call records within two to three days. He quoted ₹12,000 for one month, ₹20,000 for three months and ₹35,000 for six months, while acknowledging that only senior police officials can legally access such material and only with proper authorisation.
Tomar also reportedly displayed sample call detail records showing logs including date, time, duration and location of calls, while claiming such information was easy for the network to obtain.
Legal Risks and National Security Concerns
According to the operators cited in the findings, the data is sourced through specialised software and insider access within telecom companies and banks. The information allegedly available includes call detail records, banking and TDS data, and even WhatsApp chats and media files, as claimed. Experts warned that the apparent ease of access points to major vulnerabilities in critical systems.
Legally, call detail records can only be accessed by authorised law enforcement agencies with court approval or high-level clearance. S.V. Jagga, chairman of the Association of Detectives and Investigators, said no legitimate detective agency has the authority to obtain such data. He said any agency engaging in such practices would be committing a criminal offence and could face legal action as well as revocation of professional accreditation.
The reported activities were described as violations of the Indian Telegraph Act, 1885 and the IT Act, 2000, carrying penalties of up to three years’ imprisonment and fines ranging from ₹1 lakh to ₹2 crore. Beyond privacy violations, the findings have raised broader concerns about national security, with experts warning that the existence of such a syndicate suggests deep institutional lapses in data protection, regulatory enforcement and internal safeguards.
