Madrasreserved High Court · 2025
Case Details
Acts & Sections
Cited in this judgment
Crl.O.P.Nos.11214, 11215 & 11216 of 2023petitioner in these petitions who are arrayed as A1, A2 and A3, for the offences under Sections 66 and 43(j) of the Information Technology (Amendment) Act, 2008.2.The crux of the allegations in the FIR is that the accused A1 to A3 are ex-employees of the 2nd respondent/Cred Avenue Private Limited. According to the de facto complainant, who is the authorised signatory of the said Cred Avenue Private Limited, the accused, who are their ex-employees, hatched a criminal conspiracy to make wrongful gain and committed theft and misappropriation of confidential and proprietary data of the complainant's Company. The complainant has a workforce of over 820 employees. The business developed by the complainant Company is unique and it holds all intellectual property and rights in the business to the exclusion of all others. A1 and A2 joined the complainant's Company in October, 2020 and A3 joined the Company in May, 2021 in the Yubi Pools Department. The Yubi Pools platform provides an opportunity to the clients of the complainant to find investment opportunities as well as to find investors for their securitisation products/transaction comprising of identified loan assets. The accused, as a part of their employment, had Page 3 of 26 https://www.mhc.tn.gov.in/judis Crl.O.P.Nos.11214, 11215 & 11216 of 2023access to the computer network and cloud storage facilities of the complainant, which contains the confidential proprietary data and trade secrets of the complainant and its customers. The accused have custody of the key responsibilities and were exclusively dealing with sensitive confidential and proprietary information and trade secrets including product details, pricing, customer information, and competitive business, important leads and co-ordinates of the customers. In September 2022, A3 resigned from the complainant's Company. Thereafter, within few days, the other accused also resigned. Thereafter, the complainant came to know that the accused were canvassing and soliciting the business of its customers and clients. Thereafter, the complainant, on quick check on the computer systems, found that the accused persons have stolen the confidential data and information from the complainant's computer network, including the complainant's Google Drive provided to them for storage purposes, and the data has been transferred to the personal computers of the accused only in order to cause wrongful loss to the complainant's Company. Hence, it is the allegation of the de facto complainant that all the accused persons have conspired together with a criminal intention to systematically damage, destroy and steal the confidential and proprietary information residing in Page 4 of 26 https://www.mhc.tn.gov.in/judis Crl.O.P.Nos.11214, 11215 & 11216 of 2023the complainant's computer resource and they have misappropriated the confidential and proprietary data of the complainant Company to build their own venture, and solicit customers and have cheated the complainant. Therefore, the complainant lodged a compliant before the 1st respondent Police. Based on the said complaint, an FIR has been registered in Crime No.10 of 2023 for the offences under Sections 66 and 43(j) of the Information Technology (Amendment) Act, 2008. To quash the same, the present Criminal Original Petitions are filed.3.Learned Senior Counsel appearing for the petitioners would mainly contend that the allegations made by the complainant do not make out a case against the petitioners for the alleged offences. The FIR also does not indicate the nature of the alleged theft. The allegation that the petitioners solicited the clients of the complainant, is clearly a civil dispute and the same cannot be given a criminal colour. Further, it is his contention that the arbitration proceedings have also been initiated already as against the petitioners herein and the entire dispute is only a contractual dispute. The petitioners have resigned their jobs in the complainant Company. Only in order to intimidate and harass them taking note of the confidentiality Page 5 of 26 https://www.mhc.tn.gov.in/judis Crl.O.P.Nos.11214, 11215 & 11216 of 2023contract, which prohibits non-soliciting and non-disclosure, the present FIR has been filed on the allegation that the petitioners have stolen confidential data and on the assumption that they are soliciting the clients of the complainant, without any basis. It is his further contention that the complainant themselves have already obtained an Expert opinion from M/s.Deloitte Touche Tohmatsu India LLP to find out as to whether there was any data theft. The report of the said M/s.Deloitte does not indicate any alleged theft of data. This has been clearly captured by this Court in an interim order in the arbitration proceedings already initiated. Therefore, continuing FIR by the Investigation Officer will not serve any purpose. If at all there is any breach of contract, the same will give rise to only a civil remedy, but not a criminal case. Hence, he would submit that the entire FIR is nothing but an abuse of process of law. 4.Whereas, it is the contention of the learned Additional Public Prosecutor appearing for the 1st respondent Police, that, based on the FIR, the de facto complainant's statement has already been recorded. A3 has also appeared and his mobile phone has been seized. A1 and A2 have also appeared and their statements have been recorded. Hence, he would submit Page 6 of 26 https://www.mhc.tn.gov.in/judis Crl.O.P.Nos.11214, 11215 & 11216 of 2023that the investigation may proceed further to see its logical end. 5.Learned Senior Counsel appearing for the de facto complainant would submit that the petitioners have entered into a contract not to disclose the confidential information and the contract also clearly prohibits soliciting the clients of the complainant. The confidential information stored in the computers of the complainant Company and cloud have been stolen by the petitioners by transferring the data to their personal computers. Therefore, the learned Senior Counsel would submit that the FIR, at this stage, cannot be quashed and the investigation may go on to unearth the truth.6.Normally, this Court will not interfere with the investigation when FIR has been filed with regard to a cognizable offence, but at the same time, when the FIR is a result of some contractual dispute or is only a civil dispute and the alleged theft is not at all established, continuing the FIR and forcing the parties to undergo the ordeal of criminal investigation and trial is nothing but abuse of process of law. Page 7 of 26 https://www.mhc.tn.gov.in/judis Crl.O.P.Nos.11214, 11215 & 11216 of 20237.The very specific allegation made in the FIR is to the effect that the confidential information of the de facto complainant's Company stored in their computers have been illegally stolen and transferred. If that allegation alone remains and investigation is pending with regard to that allegation, this Court would not have interfered with the FIR, since that allegation has to be probed into and facts have to be unearthed by subjecting the so-called computers and other gadgets to forensic examination. But the fact remains in this case that the complainant Company themselves have already filed an expert opinion in this regard. They have engaged one of the leading companies, namely M/s.Deloitte Touche Tohmatsu India LLP, and obtained a report as to whether there was any data theft from the computers or not. 8.It is relevant to note that arbitration proceedings have already been initiated between the de facto complainant and the petitioners, for breach of the contract. The report submitted by M/s.Deloitte has been considered by this Court while appointing an Advocate Commissioner in the arbitration proceedings in Arb.Appln.Nos.145, 151 and 154 of 2023 by order dated 20.04.2023. In the said order, this Court has captured the report of the Expert namely M/s.Deloitte, dated 09.03.2023, as follows :Page 8 of 26 https://www.mhc.tn.gov.in/judis Crl.O.P.Nos.11214, 11215 & 11216 of 2023Data SourceCategoryObservationAnnexure/ExhibitFirewall logsData transfer-messaging applications/cloud storageFirewall logs indicated 20 instances of OneDrive access between 24-Nov-2022 10:55:54 and 09-Dec 20221 2:14:32 from internal dynamic source IPs to the external IP '13.107.42.13". From public domain searches, it was gathered that the IP address belongs to the Microsoft domain which resolves to the United States of America and nature, reported for Command and control, Phishing, and web app attacks.Further, it was noted that the aforesaid IP address belongs to Microsoft OneDrive service, and this indicates access of OneDrive cloud storage.Annexure-1Annexure-2Exhibit-01LaptopData transfer-messaging applications/ cloud storageThe laptop internet history analysis indicated 06 instances of Dropbox being accessed. However, we did not find any instances of potential data sharing through the same.Further, we cannot ascertain the date and time for these activities due to the unavailability of metadata information.This indicates the instance of Dropbox access from Annexure-3Exhibit-02Page 9 of 26 https://www.mhc.tn.gov.in/judis Crl.O.P.Nos.11214, 11215 & 11216 of 2023Data SourceCategoryObservationAnnexure/ExhibitAbhinandan's official laptop.LaptopData transfer-messaging applications/ cloud storageFrom the internet history of laptop, we noted multiple instances of OneDrive access between 17-Mar-2021 14:42:32 and 09-Dec-2022 14:44:08 (the last working day of the Custodian), where the user is reflected as Abhinandan Singh. This indicates the instance of OneDrive access from Abhinandan's official laptop.Further analysis indicates the OneDrive access on 10-Jan-2023 by the user "sysadmin.VCAPLT00146". It was understood from the Client that this activity was carried out by the IT administrator of Credavenue for data backup purposes..Exhibit-03Exhibit-12LaptopData transfer-messaging applications/ cloud storageFrom the internet history analysis, we noted 06 instances of "web.whatsapp.com" access between 07-Dec-2022 at 19:06:00 and 14-Dec-2022 at 18:24:06, from the admin user profile "sysadmin. VCAPLT00146". However, it was gathered from the Client that when the IT administrator logged in to the system for data backup purposes, the WhatsApp Web instance from the admin's system got synchronized to Abhinandan's system unintentionally.Annexure-4Exhibit-12Page 10 of 26 https://www.mhc.tn.gov.in/judis Crl.O.P.Nos.11214, 11215 & 11216 of 2023Data SourceCategoryObservationAnnexure/ExhibitFurther, the Client confirmed that WhatsApp web is not an official messaging platform used by the organization.Email DataData sharing through emailsWe noted 06 instances of emails being shared from Abhinandan's personal email ID "[email protected]" and official email ID "[email protected] during the period from 15-Oct-2020 19:42:00 to 03-Aug-21 20:00. Furtheranalysis indicates that these emails contain files pertaining to the Company as attachments, which indicates the traces of official data residing on the personal mailbox of the Custodian.Exhibit-4Sr. No.SubjectEmail sent DateAttachmentsFromTo1Photo from Abhinandan 15-Oct-202019:[email protected]@[email protected] from Abhinandan29-May-202118:12Pool Performance & Advisory on [email protected]@credavenue.comPage 11 of 26 https://www.mhc.tn.gov.in/judis Crl.O.P.Nos.11214, 11215 & 11216 of 2023Sr. No.SubjectEmail sent DateAttachmentsFromTobuyouts.pdf3Document from Abhinandan09-Jul-202119:07Indiashelter_Covered Bond [email protected]@credavenue.com4Document from Abhinandan09-Jul-202119:08Portfolio Cuts Jun'21(Summary)[email protected]@credavenue.com5Document from Abhinandan03-Aug-202118:58Capital Trust [email protected]@credavenue.com6Document from Abhinandan03-Aug-202120:00Subhlakshmi [email protected]@credavenue.comData SourceCategoryObservationAnnexure/ ExhibitLaptopUSB detection or usageDuring our analysis, we did not note any external drives or USB connections on Abhinandan's system. Not AvailableLaptopDeletion of FilesMass deletion of files was noted in August 2021 (11,327), September 2022 (96,299), and November 2022 (3,76,806). Further, it was noted that these contain user files also.Exhibit-05We observed 41 instances of file deletion from the Google Page 12 of 26 https://www.mhc.tn.gov.in/judis Crl.O.P.Nos.11214, 11215 & 11216 of 2023Data SourceCategoryObservationAnnexure/ ExhibitG-Suite logDeletion of FilesWorkspace between 21-Oct-2022 22:03 and 09-Dec-2022 18:46. Further, it was noted that out of these 41 instances, 15 instances were on 09-Dec-2022, which is the last working day of the Custodian.Exhibit-015.2 Custodian 2- Bandaru RamadasuData SourceCategoryObservationsAnnexure/ExhibitFirewall traffic/File sharing logData transfer-messaging applications/cloud storageFrom firewall traffic logs, we noted 11 instances of Dropbox access between 14-Dec-2022 13:59:59 and 14-Dec-2022 15:10:19. Further, 05 instances of Dropbox access were noted on 14-Dec-2022 15:50:37 from internal static source IP to the external IPs "104.16.99.29" and ''162.125.68.18" (Exhibit-4). Further, from the public domain searches, we noted that the IP address 162.125.68.18 belongs to the Dropbox data centre domain in the United States of America and has been reported once for phishing and exploited host. However, we could not verify the instances of Dropbox access on the laptop indicating potential Exhibit-06Annexure-6Annexure-7Page 13 of 26 https://www.mhc.tn.gov.in/judis Crl.O.P.Nos.11214, 11215 & 11216 of 2023Data SourceCategoryObservationsAnnexure/Exhibitoverwriting of system artefacts during the formatting before re-purposing the laptop.It appears that the aforesaid IP address belongs to Dropbox service, and potentially this indicates the access of Dropbox cloud storage.Email DataData sharing through emailsDuring the email analysis, we did not note any official data being shared from Bandaru's official email ID to his personal email ID.However, we noted an email from the Custodian's official email ID "[email protected]" to his personal email ID "[email protected]" containing the URL "Personal.zip-https://drive.google.com/file/d/1nnOCI8zU8wg_FOQ_mKj8Te1bxn3BtRAH/view?usp=drive_we" on 16-Dec-2022 16:56:29. However, the content of the zip file could not be validated as the file was not present in the system. Further, it was confirmed by the Client that this zip folder contained Custodian's personal documents.Exhibit-12Page 14 of 26 https://www.mhc.tn.gov.in/judis Crl.O.P.Nos.11214, 11215 & 11216 of 2023Data SourceCategoryObservationsAnnexure/ExhibitLaptopUSB detection or usageWe did not note any external drives or USB connections on Bandaru's system.Not AvailableLaptopDeletion of FilesMass deletion of user files was noted from Bandaru Ramdas's Windows laptop on 26-Dec-2022 between 13:36:10 and 14:10:41.On further analysis, it was observed that 83,585 files were deleted from the system and all these files seem to be Operating system files. Further, it was understood from the Client that these resulted from the activity done by the IT team for formatting and re-imaging the laptop after the Custodian returned the laptop, post his last working day.Exhibit-07Exhibit-12G-Suite LogDeletion of FilesWe observed 30 instances of files deleted from Google Workspace between 28-Oct-2022 10:53 and 14-Dec-2022 14:36, which was incidentally a day prior to the last working day i.e., 15-Dec-2022.Exhibit-06Endpoint protection logDeletion of FilesWe noted 1947 instances of file deletion from the Custodian's google drive and laptop between 14-Dec-2022 16:24 and 16-Dec-2022 18:14. It was further observed that 1938 files were deleted on 16-Dec-2022 between 15:12:57 Exhibit-06Page 15 of 26 https://www.mhc.tn.gov.in/judis Crl.O.P.Nos.11214, 11215 & 11216 of 2023Data SourceCategoryObservationsAnnexure/Exhibitand 18:14:40. 15-Dec-2022 being the last working of Bandaru with the organization, this activity stands to be critical.5.3 Custodian 3- Rajat NanchahalData SourceCategoryObservationAnnexure/ExhibitLaptopData transfer-messaging applications/ cloud storageWe noted 11 instances of OneDrive access on 27-Aug-2022 11:03:30. On further analysis, an instance of OneDrive access was noted from the trash items on 25-Nov-2025 15:02:27. Further details could not be obtained as this information was retrieved from the unallocated space of the hard drive and it appears that the hard drive is solid- State drive (SSD) in nature.This indicates access of One Drive cloud services from the official laptop.Annexure-8Data During our analysis, we note 05 email communications from Rajat Nanchahal Official mail ID [email protected]" to his personal mail Id [email protected]. On Further analysis, we Exhibit-08Page 16 of 26 https://www.mhc.tn.gov.in/judis Crl.O.P.Nos.11214, 11215 & 11216 of 2023Data SourceCategoryObservationAnnexure/ExhibitEmail Datasharing through emailsidentified that all these email communications are personal in nature (Bank statements, Pay slips, food bills, Identity cards, Hotel accommodation bills, transportation bills, parking bills, Flight tickets, boarding passes etc.) and no official files are being shared.Further, we noted 25 instances of emails from the email ID "[email protected]" to the official email ID "[email protected] from 06-Jul-2021 13:48:01 to 03-Sep-2022 08:28:36. On further analysis we observed that these emails indicate the use of Dropbox account using the Custodian official mail ID "[email protected]". Further, information could not be validated due to access limitations.Annexure-8SubjectEmail sent DateFromToWe noticed a new sign in to your Dropbox19-Jul-20219:39:09Dropbox <[email protected]>[email protected] and Paper, together19-Jul-202110:18:24Dropbox <[email protected]>[email protected] 17 of 26 https://www.mhc.tn.gov.in/judis Crl.O.P.Nos.11214, 11215 & 11216 of 2023SubjectEmail sent DateFromToReset your Dropbox password16-Aug-202115:35:11Dropbox <[email protected]>[email protected]'ve successfully reset your Dropbox password16-Aug-202115:35:33Dropbox <[email protected]>[email protected] noticed a new sign in to your Dropbox18-Aug-202116:16:02Dropbox <[email protected]>[email protected] your Dropbox setup18-Sep-202103:58:11Dropbox <[email protected]>[email protected] the Dropbox desktop app22-Sep-202108:34:51Dropbox <[email protected]>[email protected] your files with Dropbox folders27-Sep-202107:33:41Dropbox <[email protected]>[email protected] your Dropbox files anywhere12-Nov-202121:16:20Dropbox <[email protected]>[email protected] your important files with folders17-Nov-202108:14:05Dropbox <[email protected]>[email protected] your content with Dropbox22-Nov-202108:25:22Dropbox <[email protected]>[email protected] to our Terms of Service and Privacy Policy 13-Dec-202107:39:23Dropbox <[email protected]>[email protected] 18 of 26 https://www.mhc.tn.gov.in/judis Crl.O.P.Nos.11214, 11215 & 11216 of 2023SubjectEmail sent DateFromToDont forget about your Dropbox files30-Apr-202209:45:12Dropbox <[email protected]>[email protected] Nanchahal shared ''Statement_1654531435981.pdf'' with you06-Jun-202221:35:06Rajat Nanchahal (via-Dropbox) <[email protected]>[email protected] your files backed up online 03-Sep-202208:28:36Dropbox <[email protected]>[email protected] Tan shared ''Pahal – WLB4 Due Dilligence'' with you06-Jul-202113:48:01Giggson Tan / <[email protected]>[email protected] verify your email address08-Jul-202110:46:38Dropbox <[email protected]>[email protected] noticed a new sign in to your Dropbox08-Jul-202110:50:18Dropbox <[email protected]>[email protected] noticed a new sign in to your Dropbox08-Jul-202110:55:15Dropbox <[email protected]>[email protected]'ve connected a new app to Dropbox08-Jul-202111:00:04Dropbox <[email protected]>[email protected] one more step to complete your Dropbox setup08-Jul-202112:57:30Dropbox <[email protected]>[email protected] 19 of 26 https://www.mhc.tn.gov.in/judis Crl.O.P.Nos.11214, 11215 & 11216 of 2023SubjectEmail sent DateFromToWe noticed a new sign in to your Dropbox12-Jul-202113:08:33Dropbox <[email protected]>[email protected] made changes in your shared folders14-Jul-202110:24:32Dropbox <[email protected]>[email protected] your Dropbox Password16-Jul-202115:30:17Dropbox <[email protected]>[email protected]'ve successfully reset your Dropbox Password16-Jul-202115:31:03Dropbox <[email protected]>[email protected] SourceCategoryObservationAnnexure/ExhibitEmail Data Mails shared through Dropbox AccountFrom Raja Nanchahal's email data, we noted an email communication from "[email protected]" to Raiat's official email ID "[email protected]". It appears that the email contains details of four (04) user documents which were further shared with "Harshil" However, we could not check the other details of Harshil such as his email ID, roles etc.On further analysis, we noted 02 files with the same file name(WLB4 Borrower Annexure-9Page 20 of 26 https://www.mhc.tn.gov.in/judis Crl.O.P.Nos.11214, 11215 & 11216 of 2023Data SourceCategoryObservationAnnexure/Exhibitsource Document List_pahal.docx, WLB4Borrower Due Diligence Questionaire_pahal.dox) were found in the system which belongs to Rajat Nanchahal and are noted to be official in nature.This indicates the possibility of potential data sharing through Dropbox services.Sr.No.Name of the Documents shared through DropboxDocuments Present in the system1WLB4 Borrower source Document List_pahal.docxYes2WLB4 Borrower due Diligence Questionaire_pahal.docxYes3Pahal Snapshot Mar.2021.pptxNo4Restructuring Policy.pdfNo5Provisioning Policy and Writeoff Policy.pdfNoPage 21 of 26 https://www.mhc.tn.gov.in/judis Crl.O.P.Nos.11214, 11215 & 11216 of 2023Data SourceCategoryObservationAnnexure/ExhibitLaptopUSB detection or usageWe did not note any external drives or USB connections on Rajat's system.Not AvailableLaptopDeletion of FilesFrom the Custodian Rajat Nanchahal laptop, we noted mass deletion of files noted in November 2022(5454) on the trash. Further, it was noted that these are Operating System files.Exhibit-099.The above report clearly indicates that, though there was access to the information, it is recorded that they did not find any instance of potential data sharing through the same. It is also recorded to the effect that, during the analysis, they did not note any external drives or USB connection used by A1. Though mass deletion of files has been noted on the last working days of the accused, the report did not indicate that there was any instance of potential data sharing to other device. It is quite normal to have access to the data by the accused who were all admittedly engaged by the Company and who were specifically entrusted to the particular work of handling such information. Merely because the information has been accessed by the accused while they were in Page 22 of 26 https://www.mhc.tn.gov.in/judis Crl.O.P.Nos.11214, 11215 & 11216 of 2023employment, it cannot be said that there was a data theft. When the expert evidence is also available on record, which does not indicate any data theft, continuing the investigation, in the view of this Court, is nothing but clear harassment. 10.It is further to be noted that the arbitration proceedings have also been initiated. The de facto complainant has also relied upon an expert's report while seeking certain interim orders under Section 17 of the Arbitration and Conciliation Act, 1996. While rejecting the request for interim orders, in fact, the learned sole Arbitrator has recorded a finding in Para No.4.15 in order dated 30.06.2025 that there was no concrete evidence of data theft or copyright infringement or extrapolation except for the log details in the “Internal Incident Report : CD 68” which is too generic in nature. Therefore, the learned Arbitrator also found that there was no data theft or copyright infringement or extrapolation. In such view of the matter, when already civil proceedings have been initiated by way of arbitration for breach of contract, this Court is of the view that continuing FIR will not serve any purpose. The Hon'ble Supreme Court, in Paramjeet Batra v. State of Uttarakhand reported in (2013) 11 SCC 673, has held as follows : Page 23 of 26 https://www.mhc.tn.gov.in/judis Crl.O.P.Nos.11214, 11215 & 11216 of 2023“12. ... A complaint disclosing civil transactions may also have a criminal texture. But the High Court must see whether a dispute which is essentially of a civil nature is given a cloak of criminal offence. In such a situation, if a civil remedy is available and is, in fact, adopted as has happened in this case, the High Court should not hesitate to quash the criminal proceedings to prevent abuse of process of the court.”The said view has been followed by the Hon'ble Supreme Court in Usha Chakraborty v. State of W.B. reported in (2023) 15 SCC 135. In such view of the matter, when no criminal offence as alleged is made out as against the petitioners, it is a fit case to quash the FIR as per the dictum of the Hon'ble Supreme Court in State of Haryana and others v. Bhajan Lal and others reported in 1992 Supp (1) Supreme Court Cases 335. 11.Accordingly, these Criminal Original Petitions are allowed and the FIR in Crime No.10 of 2023 on the file of the 1st respondent Police is quashed. 12.If there is any breach of contract, the de facto complainant can very much establish their case in the pending arbitration proceedings for civil remedy.Page 24 of 26 https://www.mhc.tn.gov.in/judis Crl.O.P.Nos.11214, 11215 & 11216 of 202301.09.2025mknInternet: Yes Index : Yes / NoSpeaking order : Yes / NoNeutral Citation : Yes / NoTo1.The Inspector of Police, Cyber Crime Police Station, Chennai South, St. Thomas Mount, Chennai – 600 016.2.The Public Prosecutor, High Court, Madras.N. SATHISH KUMAR, J.mknPage 25 of 26 https://www.mhc.tn.gov.in/judis Crl.O.P.Nos.11214, 11215 & 11216 of 2023Common Order inCrl.O.P.Nos.11214, 11215 & 11216 of 202301.09.2025Page 26 of 26