Client Employee

Bombay High Court Issues John Doe Order

Friday December 6, 2024. BY Amisha Upadhyay | Civil
BOMBAY HIGH COURT ISSUES JOHN DOE ORDER
BOMBAY HIGH COURT ISSUES JOHN DOE ORDER

The Hon’ble Bombay High Court (“HC”) in a recent judgment[i] has granted a temporary injunction to HDFC Life Insurance Co. Ltd. (“Applicant”) against an unidentified individual who allegedly attempted to extort money by threatening to leak sensitive customer data. The HC’s order aims to prevent the potential breach and safeguard the privacy of the insurers.

Brief Facts of the Case:

The Ld. Single Judge of the HC granted a temporary injunction in favour of the Applicant against Defendant No.6, an unidentified individual, who attempted to extort money from the applicant by threatening to disclose confidential customer data. The HC, therefore, restrained Defendant No.6 from using, reproducing, publishing, distributing, transmitting, or disclosing any confidential information related to the applicant that was not publicly available.

The Applicant, an insurance company, operating under the brand name “HDFC Life,” which is also a registered trademark, the Applicant had established a strong market reputation. In accordance with business practices and statutory and regulatory requirements, including Know Your Customer (KYC) obligations, the Applicant collected and stored personal data related to its customers. The aforesaid data was exclusively intended for regulatory compliance and to provide services to customers, and was shared by them on a confidential basis, with its use restricted to the Applicant and regulators as per legal requirements.

On 19th November 2024, the Applicant received emails from an anonymous individual, Defendant No. 6 / John Doe, using the email address ‘bsdqwasdg@gmail.com.’ These emails claimed that Defendant No.6 had obtained a significant amount of the Applicant’s customer data. Defendant No.6 threatened to release and sell the data unless the Applicant engaged in certain negotiations. The emails included samples of the data that appeared to have been unlawfully obtained. On 20th November 2024, Defendant No.6 sent additional emails urging the Applicant to contact them via Defendant No.3 i.e. Telegram and also sent messages on Defendant No.2 via WhatsApp, reiterating the threats. Defendant No.6 demanded payment in 1800 Ethereum virtual coins, which equated to approximately         Rs. 54.50 crore.

Analysis by the Hon’ble Bombay High Court:

The HC held that the Applicant had established a prima facie case for the grant of ad-interim relief, emphasizing the potential harm that could arise from the disclosure of sensitive and confidential customer data. It noted that the release or misuse of such data could lead to serious consequences, including identity theft, financial fraud, privacy violations, and unauthorized transactions. The HC also highlighted the risk of the data being exploited for fraudulent activities, such as impersonating the applicant, which would not only violate privacy but also infringe upon the Applicant’s registered trademark and lead to passing off. The HC found that such damage could not be adequately compensated by monetary relief, particularly since Defendant No.6 remained an unidentified entity.

As a result, the HC granted a temporary injunction, restraining Defendant No.6 and all related parties, including their directors, employees, agents, and affiliates, from using, copying, publishing, distributing, transmitting, or disclosing any confidential information related to the Applicant that was not in the public domain. The injunction granted applied to any medium or platform. The HC further directed Defendant Nos.1 to 5 to take immediate steps to remove or disable any accounts, content, domain names, email addresses, or phone numbers linked to such unlawful activities. Additionally, upon notice from the Applicant, Defendant Nos.1 to 5 were required to act swiftly to remove or block further instances of such misuse and file an affidavit confirming compliance.

Furthermore, Defendant Nos.1 to 3 were ordered to disclose, by affidavit, all available information regarding Defendant No.6, including names, addresses, email addresses, phone numbers, organizational affiliations, and any relevant IP addresses or URLs linked to the unlawful activities.

In author’s opinion, the Hon’ble Bombay High Court’s decision to grant a temporary injunction in favour of HDFC Life Insurance Co. Ltd. is a significant relief. Per the aforesaid order of the Hon’ble Bombay High Court has aimed at protecting both the insurer and its customers from the serious threats posed by data extortion by unknown. The Hon’ble Court’s proactive approach, especially in restraining the unidentified defendant from disseminating confidential information and directing swift action against online platforms facilitating such misconduct, reinforces and safeguards companies / entities. This judgment sets a significant precedent for how courts may deal with cyber threats and data extortion in the future, ensuring that companies can take immediate legal action to prevent irreparable harm.

[i] HDFC Life Insurance Company Ltd. v. Meta Platforms Inc. and Ors. (Interim Application (L) No.35886 of 2024 in Com IPR Suit (L) No.35837 of 2024), decided on 29th November, 2024.

Tags: , , , ,
Related posts
Bombay High Court Reiterates Rejection Of Plaint To Be Directed Due To Non-Compliance With Mandatory Mediation Procedure Under Section 12A Of The Commercial Courts Act, 2015Bombay High Court Reiterates: Rejection Of Plaint To Be Directed Due To Non-Compliance With Mandatory Mediation Procedure Under Section 12A Of The Commercial Courts Act, 2015
Existence Of Employer-Employee Relationship Must Be Indisputable In Proceedings Under The MRTU & PULP Act: Bombay HCExistence Of Employer-Employee Relationship Must Be Indisputable In Proceedings Under The MRTU & PULP Act: Bombay HC
Validity of non-compete clauses post termination of agreement- Bombay High Court

Comments are closed.

Get in touch with us

Contact Us
contact us
X