In a decisive move to safeguard citizens’ digital privacy, the Indian government has directed VPN service providers, internet platforms, and major digital intermediaries to immediately block websites that are leaking or trading the personal data of Indian users. The directive follows a surge in reports of sensitive information—such as phone numbers, Aadhaar details, and addresses—being openly sold on the dark web and public forums.
Government Acts Amid Rising Data-Leak Threats
Over the past year, India has witnessed multiple large-scale data leak incidents involving telecom users, students, government beneficiaries, and insurance customers. With cybercrime syndicates becoming increasingly sophisticated, leaked datasets are being used to fuel scams, phishing attacks, and identity theft.
The Ministry of Electronics and IT has now stepped in, calling the leaks a “serious threat to national security and public safety.”
VPN Services, ISPs, and Platforms Told to Comply Immediately
The government has specifically instructed VPN services, telecom operators, social media platforms, app stores, and digital intermediaries to:
- Block websites and URLs found leaking personal data
- Remove access to platforms selling stolen information
- Strengthen monitoring of suspicious web activity
- Cooperate with ongoing cyber-investigations
Failure to comply may result in penalties under India’s IT Rules and the Digital Personal Data Protection Act.
The directive highlights that many cybercriminals use VPNs to mask their identities while hosting or accessing data-leak websites. By involving VPN platforms in enforcement, the government aims to curb the technical loopholes exploited by attackers.
DPDP Act Comes Into Play
The newly implemented Digital Personal Data Protection (DPDP) Act gives the government wider authority to penalise data handlers who fail to protect user information. The current crackdown is among the first major enforcement actions under the law, which places strong emphasis on accountability, secure processing, and prevention of data misuse.
Officials stated that protecting citizens’ data is now a national priority.
Users Warned to Stay Alert
While platforms strengthen security measures, the government has urged citizens to remain cautious online. Users have been advised to avoid sharing personal details unnecessarily, enable two-factor authentication, and stay vigilant against suspicious calls or messages referencing leaked information.
A Step Toward Strengthening India’s Cybersecurity Framework
This directive marks a significant push toward tightening India’s data-protection ecosystem. By targeting websites selling stolen data and the networks enabling their access, the government hopes to reduce digital vulnerabilities and build a safer online environment for millions of Indian users.
