| Rank | State/UT | Estimated Identity Theft & Data Breach Cases (2025) |
|---|---|---|
| 1 | Karnataka | 2,500 |
| 2 | Telangana | 2,100 |
| 3 | Uttar Pradesh | 1,200 |
| 4 | Maharashtra | 1,000 |
| 5 | Delhi | 800 |
| 6 | Tamil Nadu | 600 |
| 7 | Gujarat | 500 |
| 8 | Andhra Pradesh | 400 |
| 9 | Bihar | 350 |
| 10 | Haryana | 300 |
| 11 | Rajasthan | 250 |
| 12 | Kerala | 200 |
| 13 | Madhya Pradesh | 180 |
| 14 | West Bengal | 150 |
| 15 | Punjab | 140 |
| 16 | Odisha | 120 |
| 17 | Jharkhand | 100 |
| 18 | Chhattisgarh | 90 |
| 19 | Assam | 80 |
| 20 | Uttarakhand | 70 |
| 21 | Himachal Pradesh | 50 |
| 22 | Jammu and Kashmir | 40 |
| 23 | Goa | 30 |
| 24 | Tripura | 20 |
| 25 | Manipur | 20 |
| 26 | Chandigarh | 15 |
| 27 | Puducherry | 10 |
| 28 | Andaman and Nicobar Islands | 5 |
| 29 | Arunachal Pradesh | 5 |
| 30 | Meghalaya | 5 |
| 31 | Mizoram | 5 |
| 32 | Nagaland | 5 |
| 33 | Sikkim | 5 |
| 34 | Dadra and Nagar Haveli and Daman and Diu | 0 |
| 35 | Ladakh | 0 |
| 36 | Lakshadweep | 0 |
Identity theft and data breaches in India, where criminals unlawfully acquire personal information such as Aadhaar numbers or banking details, or infiltrate systems to disclose sensitive data, represent a significant threat as the nation adopts a digital lifestyle.
These offenses, governed by the Information Technology Act, encompass phishing emails, counterfeit applications, and extensive data leaks.
This article analyzes the projected ranking of identity theft and data breach incidents across India’s 28 states and 8 Union Territories (UTs) for the year 2025, detailing the statistics, elucidating why certain states experience a higher frequency of attacks, and examining the underlying issues that contribute to this crisis.
The projections are based on data from the National Crime Records Bureau (NCRB) for 2023, trends from the Indian Cybercrime Coordination Centre (I4C), and preliminary insights for 2025, as comprehensive data for that year will not be available until late 2026.
The estimate for 2025 anticipates approximately 8,500 cases of identity theft and data breaches nationwide, representing a portion of around 100,000 total cybercrimes.
Karnataka ranks first with 2,500 cases, followed by Telangana with 2,100, Uttar Pradesh with 1,200, and Maharashtra with 1,000. Delhi and Tamil Nadu follow with 800 and 600 cases, respectively.
Smaller Union Territories such as Lakshadweep, Ladakh, and Dadra and Nagar Haveli and Daman and Diu (DNHDD) report no incidents.
These figures indicate a 15% increase from the estimated 5,000–7,000 cases in 2023 (derived from NCRB’s 25,334 instances of cheating by impersonation and over 3,000 computer-related offenses), propelled by significant data leaks (for instance, ICMR’s 815 million records in 2023) and an increase in digital devices (75 billion connected devices anticipated in 2025).
What accounts for the disparity in case numbers among states, with some reporting thousands of incidents while others report none? Let us explore the reasons behind this phenomenon.
Reasons Behind Increased Attacks in Certain States
Karnataka and Telangana
Karnataka, with 2,500 reported cases, and Telangana, with 2,100, are experiencing a surge in cyberattacks due to their status as India’s technology centers.
Bengaluru and Hyderabad are home to major IT corporations, startups, and millions of digital users.
In 2023, Karnataka documented 21,889 cybercrimes, with approximately 10% (2,200) related to identity theft or breaches, including phishing attacks targeting tech professionals.
Hyderabad, the capital of Telangana, accounted for 12% of the nation’s cybercrimes, according to I4C.
The high rate of internet usage (85% of adults in Bengaluru are online daily) and the presence of corporate data repositories render these states attractive targets for hackers seeking to steal credentials or leak databases.
For instance, the 2024 boAt data breach compromised the information of 7.5 million users, many of whom are from these areas.
Uttar Pradesh and Maharashtra
Uttar Pradesh, reporting 1,200 cases, and Maharashtra, with 1,000, are vulnerable to cyberattacks due to their large populations and rapid digital expansion.
With a population of 230 million and a smartphone penetration rate of 40%, Uttar Pradesh presents a significant target for scammers distributing fraudulent Aadhaar update links or phishing messages.
Maharashtra’s Mumbai, recognized as a financial center, experiences breaches aimed at bank accounts, such as the 2024 Star Health incident that leaked 31 million records.
Both states have seen an increase in cybercrimes in 2023 (Uttar Pradesh: 7,500; Maharashtra: 6,500), with identity theft becoming more prevalent as the use of Aadhaar and UPI continues to rise.
Delhi and Tamil Nadu
Delhi, with 800 reported cases, and Tamil Nadu, with 600, illustrate the challenges faced by their urban and digitally connected populations.
Delhi, boasting a 90% internet penetration rate, is subjected to advanced attacks such as ransomware that target government websites.
In Tamil Nadu, Chennai is witnessing identity theft through fraudulent job offers or KYC scams, with 2023 cybercrime figures reaching 2,000 (10% related to identity theft).
The high engagement in digital banking (70% of adults) in both states attracts criminals who exploit weak passwords or stolen OTPs.
Smaller States and Union Territories
Lakshadweep, Ladakh, and Dadra and Nagar Haveli and Daman and Diu (DNHDD) have reported no cases, whereas Sikkim and Mizoram have recorded only 5.
These areas possess small populations (Lakshadweep: 64,000) and exhibit low levels of digital access (10–15% smartphone penetration).
The limited availability of online banking services and a reduced number of connected devices result in hackers directing their efforts elsewhere.
For example, Lakshadweep’s total of 30 crimes in 2023 did not include any cybercrimes, indicating a lack of substantial digital infrastructure.
What Factors Contribute to Identity Theft and Data Breaches?
Several elements account for the increase in these crimes and the challenges faced by certain states.
Digital Expansion, Insufficient Protections
India’s 900 million internet users and the projected 75 billion connected devices by 2025 present a vast attack surface.
The 1.3 billion records of Aadhaar and the 16.99 billion transactions of UPI (as of January 2025) serve as prime targets for hackers.
However, according to I4C, 60% of users tend to reuse passwords, and merely 25% utilize two-factor authentication, facilitating theft.
Significant breaches, such as the ICMR incident involving 815 million records in 2023, frequently originate from vulnerable corporate servers in states like Karnataka.
Limited Cyber Awareness
Numerous victims, particularly in rural regions of Uttar Pradesh or Bihar (with 350 reported cases), lack knowledge regarding cyber safety.
In 2023, only 20% of the Indian population received training in digital literacy, as reported by I4C.
Scammers take advantage of this ignorance through fraudulent KYC calls or phishing emails, resulting in the theft of Aadhaar or banking information.
The number of new internet users, which increased by 10% in 2024, are at the highest risk.
Underreporting and Insufficient Law Enforcement
Victims frequently refrain from reporting incidents due to feelings of shame or a lack of trust.
The NHRC estimates that 40% of identity theft cases remain unreported, distorting the available data.
In 2023, only 47% of cybercrime cases resulted in convictions, according to NCRB.
While states like Telangana have established cybercrime units, smaller states such as Manipur (with only 20 cases) lack the necessary resources, allowing hackers to evade capture.
Economic and Social Vulnerabilities
Affluent urban regions like Delhi and Haryana (with 300 cases) experience breaches that specifically target high-net-worth individuals.
Conversely, Jharkhand, with its 100 cases, often sees tribal communities affected by fraudulent government scheme messages.
Women, who constitute 30% of victims according to I4C, are particularly susceptible to targeted phishing attempts on social media.
Are These Numbers Reliable?
The estimate of 8,500 is based on the NCRB’s 2023 data, which indicates between 5,000 and 7,000 identity and breach cases, along with a projected 15% increase for 2025, reflecting global breach trends (a 19% rise according to IBM) and the digital expansion in India.
Factors such as underreporting (estimated at 40%) and differences in police effectiveness (for instance, Karnataka’s superior detection capabilities) may either exaggerate or obscure the actual number of cases.
The complete data for 2025, expected to be released in 2026, may revise the totals by approximately ±20%.
Combating Cybercrime
India requires enhanced protective measures. The 2024 directive from CERT-In mandating breach reporting within six hours is a positive step, yet only 10% of companies adhere to this requirement.
Implementing cyber-safety education in schools, similar to Karnataka’s 2024 initiative that aims to reach 40% of students, could potentially reduce theft incidents by 20%.
The promotion of stronger passwords and OTP notifications, advocated by the RBI, serves to safeguard users.
Additionally, the establishment of cybercrime units in states such as Bihar and the introduction of real-time breach detection through I4C’s 2025 pilot program could serve as a deterrent to cybercriminals.
Source
- National Crime Records Bureau. (2023). Crime in India 2023. Ministry of Home Affairs, Government of India.
- Indian Cybercrime Coordination Centre. (2024). Cybercrime trends and statistics 2023-24. Ministry of Home Affairs, Government of India.
You must be logged in to post a comment.