The National Company Law Tribunal (NCLT) in Mumbai has temporarily suspended virtual hearings, requiring lawyers to appear physically after its virtual hearing system was hacked on 12 and 17 December.
Unidentified hackers disrupted proceedings by broadcasting pornographic content. Legal and cyber law experts have expressed concerns about the vulnerability of Indian courts to such cyberattacks, noting the need to strengthen digital infrastructure to ensure the accessibility of justice.
This breach has raised significant concerns about the vulnerability of India’s judicial infrastructure to cyberattacks, highlighting the need for stronger digital security measures to ensure the accessibility and reliability of justice. Legal experts have expressed alarm about the potential long-term consequences of such cyberattacks on public trust in the judicial system.
“These attacks can undermine public trust in the judicial system, disrupt the smooth functioning of virtual hearings, and potentially delay the administration of justice,” warned Sudeshna Guha Roy, partner at Saraf and Partners.
“For instance, the display of obscene content during the NCLT Mumbai virtual proceedings caused distress and embarrassment to participants, highlighting the potential for significant disruptions,” she added.
‘May erode public trust’
Lawyers fear that this may erode public trust and confidence in the nation’s legal system, potentially destabilising its infrastructure, with far-reaching consequences.
Gauhar Mirza, partner at Cyril Amarchand Mangaldas, added, “The larger implication is on the dependability and sanctity that the general public has on the judicial system. If such incidents become rampant, it may result in reduced trust in online hearings compared to physical court proceedings.”
The cyber attack came to light on 19 December when Mumbai’s Cuffe Parade police registered a case after hackers gained unauthorized access to NCLT’s online system.
Charan Pratap Singh, the deputy registrar of NCLT Mumbai, filed a police complaint, alleging that the accused had hacked the court’s web system. Media reports indicate that the hackers used usernames “Linda Z Miller” and “Jonathan Adam Amelia” while broadcasting the obscene videos.
According to media reports, police is trying to trace the suspects via IP addresses, and a case has been filed under the Bharatiya Nyaya Sanhita and the Information Technology Act.
Following the disruption, NCLT Mumbai suspended virtual hearings and opted for physical hearings, causing delays and inconvenience to lawyers and litigants.
The NCLT Mumbai registrar did not respond to Mint’s queries regarding the resumption of virtual hearings.
This is not an isolated incident: there have been multiple cyberattacks targeting India’s judicial infrastructure.
On 9 January, the Supreme Court issued a warning about phishing attacks involving fake websites impersonating its official site. These fraudulent sites were soliciting personal information. The Court advised the public not to share sensitive details and to report any incidents to authorities.
Similarly, in October 2024, a live-stream of the Calcutta High Court’s vacation bench was hacked, showing an obscene video for about a minute. In September 2024, the Supreme Court’s YouTube channel was hacked to display promotional content for a cryptocurrency. The Karnataka High Court also suspended live streaming in December 2023 due to a similar breach.
Cybersecurity experts note that the perpetrators’ motive is often not financial gain, but rather a challenge to the system’s security.
N. S. Nappinai, senior advocate, Supreme Court of India and founder of Cyber Saathi, said, “These actions simply disrupt proceedings without financial gain. Not all cybercrimes are financially motivated; often, they’re just challenges to show capability. One of the first cases under the IT Act involved the defacing of the moon by P’s website, a ‘catch me if you can’ stunt. Hacking, defacing or displaying inappropriate content are often just ways for perpetrators to prove they can bypass security, sometimes claiming it’s to highlight vulnerabilities in the system.”
Lawyers warn that repeated cyberattacks on India’s judicial infrastructure could force courts to revert to physical hearings, undermining the progress made in making justice more accessible through virtual platforms. This incident highlights the challenges of transitioning to a fully digital judicial system. If such attacks continue unchecked, they could reverse years of effort to democratize access to justice.
“This is a wake-up call for authorities to ensure the safety, credibility, and effectiveness of digital legal processes moving forward. Legal institutions must invest in better infrastructure, cybersecurity protocols and staff training to prevent future breaches,” noted Sajai Singh, partner at JSA Advocates & Solicitors.
Cybersecurity firms underscored that the damage may be irreparable, and the public’s trust in legal bodies to safeguard sensitive data may be permanently compromised, even after virtual hearings resume.
Devroop Dhar, co-founder and managing director at Primus Partners, observed, “Incidents like these undermine the credibility of online judicial processes, casting doubt on the security of sensitive data and the integrity of proceedings. This erosion of trust can deter lawyers, litigants, and the public from adopting virtual platforms, reversing years of progress toward making justice more accessible and efficient.”
Roy of Saraf and Partners recommended, “Every judicial forum must cater to its own virtual attendance by ensuring there are tailor-made applications for such proceedings. A separate administration system should also be in place to confirm the smooth operation of applications or systems in place. Collaborative partnerships may be entered into with technology companies, specifically to design platforms tailored for judicial needs focusing on security, firewall and user-friendliness.”
Dhar from Primus Partners also advocated for legal and technological safeguards, such as accountability clauses for service providers, regular platform audits, and measures like encryption and multi-factor authentication. He suggested adopting global models like the United Kingdom’s Court Video Platform and US PACER system to enhance security and transparency in India’s online judicial processes.
Cybersecurity experts view the newly enacted Digital Personal Data Protection Act, 2023 (DPD) as a crucial step in safeguarding personal data. The Act defines “data fiduciaries” as entities responsible for determining the purpose and means of processing personal data, including organizations, companies or bodies handling such data. Digital platforms hosting virtual hearings and judicial data will be considered data fiduciaries, with significant responsibilities to ensure the protection of personal data from breaches.
Jayesh H, co-founder of Juris Corp Advocates and Solicitors, suggested that “lawyers also need to be trained to ensure they appreciate and comply with IT security standards. The use of encryption, having well-documented Incident Response Plans, and regular IT Security Audits are all par for the course.”
Catch all the Business News , Breaking News Events and Latest News Updates on Live Mint. Download The Mint News App to get Daily Market Updates.
MoreLess
