#FactCheck - Viral image claiming to show injury marks of the MP Kangana Ranaut slapped is fake & misleading

Introduction

‍

“an intermediary, on whose computer resource the information is stored, hosted or published, upon receiving actual knowledge in the form of an order by a court of competent jurisdiction or on being notified by the Appropriate Government or its agency under clause (b) of sub-section (3) of section 79 of the Act, shall not ‍, which is prohibited under any law for the time being in force in relation to the interest of the sovereignty and integrity of India; security of the State; friendly relations with foreign States; public order; decency or morality; in relation to contempt of court; defamation; incitement to an offence relating to the above, or any information which is prohibited under any law for the time being in force”

‍

Law grows by confronting its absences, it heals itself through its own gaps. The most recent notification from MeitY, G.S.R. 775(E) dated October 22, 2025, is an illustration of that self-correction. On November 15, 2025, the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Amendment Rules, 2025, will come into effect. They accomplish two crucial things: they restrict who can use "actual knowledge” to initiate takedown and require senior-level scrutiny of those directives. By doing this, they maintain genuine security requirements while guiding India’s content governance system towards more transparent due process. 

‍

When Regulation Learns Restraint

‍

To better understand the jurisprudence of revision, one must need to understand that Regulation, in its truest form, must know when to pause. The 2025 amendment marks that rare moment when the government chooses precision over power, when regulation learns restraint. The amendment revises Rule 3(1)(d) of the 2021 Rules. Social media sites, hosting companies, and other digital intermediaries are still required to take action within 36 hours of receiving “actual knowledge” that a piece of content is illegal (e.g. poses a threat to public order, sovereignty, decency, or morality). However, “actual knowledge” now only occurs in the following situations: 

(i) a court order from a court of competent jurisdiction, or

(ii) a reasoned written intimation from a duly authorised government officer not below Joint Secretary rank (or equivalent)

‍

The authorised authority in matters involving the police “must not be below the rank of Deputy Inspector General of Police (DIG)”. This creates a well defined, senior-accountable channel in place of a diffuse trigger. 

There are two more new structural guardrails. The Rules first establish a monthly assessment of all takedown notifications by a Secretary-level officer of the relevant government to test necessity, proportionality, and compliance with India’s safe harbour provision under Section 79(3) of the IT Act. Second, in order for platforms to act precisely rather than in an expansive manner, takedown requests must be accompanied by legal justification, a description of the illegal act, and precise URLs or identifiers. The cumulative result of these guardrails is that each removal has a proportionality check and a paper trail. 

‍

Due Process as the Law’s Conscience 

‍

Indian jurisprudence has been debating what constitutes “actual knowledge” for over a decade. The Supreme Court in Shreya Singhal (2015) connected an intermediary’s removal obligation to notifications from official channels or court orders rather than vague notice. But over time, that line became hazy due to enforcement practices and some court rulings, raising concerns about over-removal and safe-harbour loss under Section 79(3). Even while more recent decisions questioned the “reasonable efforts” of intermediaries, the 2025 amendment institutionally pays homage to Shreya Singhal’s ethos by refocusing “actual knowledge” on formal reviewable communications from senior state actors or judges. 

The amendment also introduces an internal constitutionalism to executive orders by mandating monthly audits at the Secretary level. The state is required to re-justify its own orders on a rolling basis, evaluating them against proportionality and necessity, which are criteria that Indian courts are increasingly requesting for speech restrictions. Clearer triggers, better logs, and less vague “please remove” communications that previously left compliance teams in legal limbo are the results for intermediaries.

‍

The Court’s Echo in the Amendment

‍

The essence of this amendment is echoed in Karnataka High Court’s Ruling on Sahyog Portal, a government portal used to coordinate takedown orders under Section 79(3)(b), was constitutional. The HC rejected X’s (formerly Twitter’s) appeal contesting the legitimacy of the portal in September. The business had claimed that by giving nodal officers the authority to issue takedown orders without court review, the portal permitted arbitrary content removals. The court disagreed, holding that the officers’ acts were in accordance with Section 79 (3)(b) and that they were “not dropping from the air but emanating from statutes.” The amendment turns compliance into conscience by conforming to the Sahyog Portal verdict, reiterating that due process is the moral grammar of governance rather than just a formality. 

‍

Conclusion: The Necessary Restlessness of Law 

‍

Law cannot afford stillness; it survives through self doubt and reinvention. The 2025 amendment, too, is not a destination, it’s a pause before the next question, a reminder that justice breathes through revision. As befits a constitutional democracy, India’s path to content governance has been combative and iterative. The next rule making cycle has been sharpened by the stays split judgments, and strikes down that have resulted from strategic litigation centred on the IT Rules, safe harbour, government fact-checking, and blocking orders. Lessons learnt are reflected in the 2025 amendment: review triumphs over opacity; specificity triumphs over vagueness; and due process triumphs over discretion. A digital republic balances freedom and force in this way. 

‍

Sources

• https://pressnews.in/law-and-justice/government-notifies-amendments-to-it-rules-2025-strengthening-intermediary-obligations/ 
• https://www.meity.gov.in/static/uploads/2025/10/90dedea70a3fdfe6d58efb55b95b4109.pdf 
• https://www.pib.gov.in/PressReleasePage.aspx?PRID=2181719 
• https://www.scobserver.in/journal/x-relies-on-shreya-singhal-in-arbitrary-content-blocking-case-in-karnataka-hc/ 
• https://www.medianama.com/2025/10/223-content-takedown-rules-online-platforms-36-hr-deadline-officer-rank/#:~:text=It%20specifies%20that%20government%20officers,Deputy%20Inspector%20General%20of%20Police%E2%80%9D.

‍

‍

Introduction

The CID of Jharkhand Police has uncovered a network of around 8000 bank accounts engaged in cyber fraud across the state, with a focus on Deoghar district, revealing a surprising 25% concentration of fraudulent accounts. In a recent meeting with bank officials, the CID shared compiled data, with 20% of the identified accounts traced to State Bank of India branches. This revelation, surpassing even Jamtara's cyber fraud reputation, prompts questions about the extent of cybercrime in Jharkhand. Under Director General Anurag Gupta's leadership, the CID has registered 90 cases, apprehended 468 individuals, and seized 1635 SIM cards and 1107 mobile phones through the Prakharna portal to combat cybercrime. 

This shocking revelation by, Jharkhand Police's Criminal Investigation Department (CID) has built a comprehensive database comprising information on about 8000 bank accounts tied to cyber fraud operations in the state. This vital information has aided in the launch of investigations to identify the account holders implicated in these illegal actions. Furthermore, the CID shared this information with bank officials at a meeting on January 12 to speed up the identification process.

Background of the Investigation

The CID shared the collated material with bank officials in a meeting on 12 January 2024 to expedite the identification process. A stunning 2000 of the 8000 bank accounts under investigation are in the Deoghar district alone, with 20 per cent of these accounts connected to various State Bank of India branches. The discovery of 8000 bank accounts related to cybercrime in Jharkhand is shocking and disturbing. Surprisingly, Deoghar district has exceeded even Jamtara, which was famous for cybercrime, accounting for around 25% of the discovered bogus accounts in the state.

As per the information provided by the CID Crime Branch, it has been found that most of the accounts were opened in banks, are currently under investigation and around 2000 have been blocked by the investigating agencies.

Recovery Process

During the investigation, it was found out that most of these accounts were running on rent, the cyber criminals opened them by taking fake phone numbers along with Aadhar cards and identity cards from people in return these people(account holders) will get a fixed amount every month. 

The CID has been unrelenting in its pursuit of cybercriminals. Police have recorded 90 cases and captured 468 people involved in cyber fraud using the Prakharna site. 1635 SIM Cards and 1107 mobile phones were confiscated by police officials during raids in various cities.

The Crime Branch has revealed the names of the cities where accounts are opened

1. Deoghar 2500
2. Dhanbad 1183
3. Ranchi 959
4. Bokaro 716
5. Giridih 707
6. Jamshedpur 584
7. Hazaribagh 526
8. Dumka 475
9. Jamtara 443

Impact on the Financial Institutions and Individuals

These cyber scams significantly influence financial organisations and individuals; let us investigate the implications.

• Victims: Cybercrime victims have significant financial setbacks, which can lead to long-term financial insecurity. In addition, people frequently suffer mental pain as a result of the breach of personal information, which causes worry, fear, and a lack of faith in the digital financial system. One of the most difficult problems for victims is the recovery process, which includes retrieving lost cash and repairing the harm caused by the cyberattack. Individuals will find this approach time-consuming and difficult, in a lot of cases people are unaware of where and when to approach and seek help. Hence, awareness about cybercrimes and a reporting mechanism are necessary to guide victims through the recovery process, aiding them in retrieving lost assets and repairing the harm inflicted by cyberattacks.

• Financial Institutions: Financial institutions face direct consequences when they incur significant losses due to cyber financial fraud. Unauthorised account access, fraudulent transactions, and the compromise of client data result in immediate cash losses and costs associated with investigating and mitigating the breach's impact. Such assaults degrade the reputation of financial organisations, undermine trust, erode customer confidence, and result in the loss of potential clients. 

• Future Implications and Solutions: Recently, the CID discovered a sophisticated cyber fraud network in Jharkhand. As a result, it is critical to assess the possible long-term repercussions of such discoveries and propose proactive ways to improve cybersecurity. The CID's findings are expected to increase awareness of the ongoing threat of cyber fraud to both people and organisations. Given the current state of cyber dangers, it is critical to implement rigorous safeguards and impose heavy punishments on cyber offenders. Government organisations and regulatory bodies should also adapt their present cybersecurity strategies to address the problems posed by modern cybercrime.

Solution and Preventive Measures

Several solutions can help combat the growing nature of cybercrime. The first and foremost step is to enhance cybersecurity education at all levels, including:

• Individual Level: To improve cybersecurity for individuals, raising awareness across all age groups is crucial. This can only be done by knowing the potential threats by following the best online practices, following cyber hygiene, and educating people to safeguard themselves against financial frauds such as phishing, smishing etc.
• Multi-Layered Authentication: Encouraging individuals to enable MFA for their online accounts adds an extra layer of security by requiring additional verification beyond passwords. 
• Continuous monitoring and incident Response:  By continuously monitoring their financial transactions and regularly reviewing the online statements and transaction history, ensure that everyday transactions are aligned with your expenditures, and set up the accounts alert for transactions exceeding a specified amount for usual activity.   
• Report Suspicious Activity: If you see any fraudulent transactions or activity, contact your bank or financial institution immediately; they will lead you through investigating and resolving the problem. The victim must supply the necessary paperwork to support your claim.

How to reduce the risks

• Freeze compromised accounts: If you think that some of your accounts have been compromised, call the bank immediately and request that the account be frozen or temporarily suspended, preventing further unauthorised truncations

• Update passwords: Update and change your passwords for all the financial accounts, emails, and online banking accounts regularly, if you suspect any unauthorised access, report it immediately  and always enable MFA that adds an extra layer of protection to your accounts.

Conclusion

The CID's finding of a cyber fraud network in Jharkhand is a stark reminder of the ever-changing nature of cybersecurity threats. Cyber security measures are necessary to prevent such activities and protect individuals and institutions from being targeted against cyber fraud. As the digital ecosystem continues to grow, it is really important to stay vigilant and alert as an individual and society as a whole. We should actively participate in more awareness activities to update and upgrade ourselves.  

References 

• https://avenuemail.in/cid-uncovers-alarming-cyber-fraud-network-8000-bank-accounts-in-jharkhand-involved/
• https://www.the420.in/jharkhand-cid-cyber-fraud-crackdown-8000-bank-accounts-involved/
• https://www.livehindustan.com/jharkhand/story-cyber-fraudsters-in-jharkhand-opened-more-than-8000-bank-accounts-cid-freezes-2000-accounts-investigating-9203292.html

‍

Introduction

Taj Hotels Group is well known for its luxurious ambience and old-world grace and charm, blended with contemporary comforts and amenities for its guests or customers. But what can make all the netizens perplexed is the recent data breach incident which took place in Tata-owned Taj hotels. The hotel suffer from a data breach that compromises nearly 1.5 million customers' data which includes addresses, membership IDs, mobile numbers and other personally identifiable information, according to sources. This news was brought to light which raised concerns about the privacy and data protection of personal data of individuals. We are living in a space influenced by advanced technology and digital communication which throws a concern or challenge to secure the personal information of individuals. 

Unveiling the incident 

Tata-owned Taj Hotels group has suffered a data breach that compromise information of over 1.5 million customers, according to a news report. A bad actor or entity going by the name “Dnacookies” claimed data set contains data from the 2014-2020 period and has not been disclosed anywhere till now. Such personal data includes name, address, customer ID, mobile number and other personally identifiable information. This shows the risks or challenges of data protection and security. The incidents raise an alarm about the risks and vulnerabilities that might be faced even by the big corporate giants. The bad actor with the handle “Dnacookies” also demanded a ransom of a sum of about Rs 4.16 lakh from the Taj hotel group. In response to the incident, a spokesperson from the concerned hotel group said that we have been made aware of someone claiming possession of a limited data customer data set, which is non-sensitive in nature. Investigation is underway and relevant authorities have been notified about the incident.

‍A demand for ransom

The report from CNBC-TV18 clears that the bad actor not only purloined the data but also demanded around 4.16 lakh as a ransom for the database.  Along with this, the bad actor kept three conditions ahead. Firstly there has to be a middleman for a negotiable deal secondly the data cannot be split either the entire data has to be taken with the ransom demand or no data at all. Thirdly additional samples of data will not be provided. Further, the spokesperson of Indian Hotel Company Limited mentioned that they have been escalated with the fact that someone is claiming authority in a limited data set. The bad actor claimed that the database contains information from 2014- 2020 which has been kept confidential till now. The audacity of the bad actor went to such an extent that the sample containing one thousand rows of unique entries from the bad actor dataset was also provided by the bad actor as proof of the deed. This incident underlines the growing threat in cyberspace and the urgency for individuals, organizations or entities to priorities data security measures and maintain cyber resilience.

Personal Data on Stake

Such data is the personal information of the individuals and also constitutes the personal tastes and preferences of individuals which can be exploited. The biggest gush of winds the hotel and individuals face by such a data breach is not only the volume of data compromised but also the potential ways it can get misused and exploited against the hotel or its customers by cyber crooks. This paves the way for cybercriminals to put forward any demand knowing the sensitivity of the data. Followed by creating a dilemmatic situation for the affected entities to either accept the ransom demands or to stand against ransom. Since the risks are high, going ahead with any of these situations can have an adverse impact on the security of personal data. The organisation or entities holding the personal data need to make sure that data under their realm is well protected and secured.

While the organisation has to sail through the aftermath of this breach, such incidents also pose a challenge for the organisation to maintain the trust and reputation of the organization since these incidents question the cyber security posture of the organisation. It is suggested to be transparent with its stakeholders, and open about the vulnerabilities and steps taken against this. They should also discuss the amplified step added for safeguarding their customer's personal data. Since Taj is well known for its out-of-the-box luxury and for providing comfort to its customers it should take a step ahead to reinforce its digital infrastructure to ensure the security of data.

Digital Personal Data Protection Act, 2023

The newly enacted Digital Personal Data Act, 2023 put certain obligations on data fiduciaries to take reasonable measures to maintain the security of personal data. The Act also requires to inform about the data breach to the data protection board constituted under the Act. The Act aims to protect the individual's digital personal data. The Act casts certain obligations on data principals and data fiduciaries. The Act provides penalty upto 250 crores in case of a data breach. The Act aims to provide consent-based data collection techniques. The Act also establishes the Data Protection Board to ensure compliance with the provisions of the Act and address grievances. 

Conclusion

Data breach in such a big giant in the market serves as an alarming concern to be more cautious and proactively take precautionary measures to protect the security of data and compliance with data protection laws and regulations. We are living in an era where digital security is as important as the basic fundamental rights of an individual. Taj Hotels Group has actively taken steps to handle the aftermath of the data breach by informing the incident to law enforcement agencies and taking necessary steps.  It is also on our part to be more aware, and vigilant about our personal data. Entities need to ensure compliance and measures to protect personal data and overall ensure a true cyber-safe & digital environment.

References

https://www.moneycontrol.com/news/technology/taj-hotels-suffers-data-breach-exposes-information-of-1-5-million-customers-11801161.html

‍