Background The complainant filed a
case of fraud and cheating alleging theft and sale of proprietary
data. The complainant had a subsidiary company in the United States
which did business with its US partner. The US partner provided
mortgage loans to US residents for residential premises. The
business of the complainant was providing leads to their US
partner. The data included the details of the loan seekers along
with their telephone numbers. The complainant generated leads
through arrangements with call centers in India who called from
their database and short listed home owners who were interested in
availing refinance facility on their existing mortgage loans. The
complainant realized that there was a sudden drop in the
productivity of the call centers and therefore the production of
leads, although the inputs meant to be given to various call
centers by the employees of the company had remained the same as
before. The concerned officials of the company got alarmed and made
an in house enquiry. On a careful and meticulous scrutiny it was
revealed that one of the employees of the complainant (company), in
connivance with some other officers, had been deceiving and causing
wrongful loss to the company by selling the data purchased by the
company and in effect wrongful gain for themselves.
Investigation Preliminary investigations revealed that the
accused was holding the post of the senior programme manager and
was the team leader for data management. During employment the
accused along with his father had opened a partnership firm. It was
found that raw data was sent as attachments from the e-mail ID of
this (accused) firm’s Website domain. The Website was traced
and the e-mail ID address and registration details were recovered
by the investigating officer using specialized softwares. It was
revealed that the accused had passed data bought by and belonging
to the complainant firm to various call centers (as if the same
belonged to his firm), to make the calls on their behalf for
generating leads. The entire business process of the complainant
firm was studied and a systems analysis was conducted to establish
the possible source of data theft. The accused had opened a foreign
currency account in the name of his firm. An analysis of the
printout revealed that payments had been made to two call centers.
The call centers were contacted and the raw data sent as
attachments were corrected. The data was comprised of six separate
files and it was compared with the data purchased by the
complainant company in the US. This was done by writing and
executing SQL queries. Analysis of the e-mail headers of the mails
sent by the accused through his ID were carried out. The
originating IP address was found and information was obtained from
VSNL. Accordingly it was found that the range of IP was allotted to
the complainant company. It was thus established that the accused
has sent the stolen data from the office of the complainant company
using the e-mail ID of his (accused) firm. An analysis of the bank
account of the accused showed that payments were being made to two
people. It was found that they were also ex-employees of the
complainant company who had resigned after the accused left the
company. On interrogation he revealed that he had roped in two of
his colleagues who actively assisted him in his clandestine
activities. One of them, while still an employee of the complainant
company, coordinated with various call centers on behalf of the
accused. The other facilitated the installation of proprietary
sequencing software in the personal computer of the accused. In
order to have a clientele base in US, the accused had sought the
assistance of one more person. The two accused were arrested.
Case Studies 
