Your go-to hub for Expert Insights,
Publications, and Resources on
data privacy and compliance

A significant cybersecurity breach at Agarwal Packers and Movers Ltd (APML) has exposed sensitive personal data of elite clients, including senior government officials, diplomats, and defence personnel. The data leak, which was first discovered on June 1, has triggered an FIR and a full-scale digital forensics investigation amid rising concerns about national security risks.

The breach came to light after high-ranking clients began receiving suspicious and targeted calls that referenced their upcoming relocations. According to the FIR filed by Jaswinder Singh Ahluwalia, Group President and CEO of APML, the callers possessed detailed information sourced from APML's internal records, pointing to a likely data theft incident.

"This isn’t just about client privacy," stated Ahluwalia. "This is a breach of trust that could have national implications."

Internal Audit Suggests Collusion

An internal technical audit initiated by APML confirmed unauthorised cyber intrusion, and initial findings suggest potential collusion between internal staff and external cybercriminals. The compromised data reportedly includes contact details, movement schedules, and personal addresses of judiciary members, intelligence officials, and foreign dignitaries.

The Sector 36 Cyber Crime Police Station in Noida has registered an FIR under Sections 318(4) and 319(2) of the Bharatiya Nyaya Sanhita, along with Sections 66C and 66D of the Information Technology Act, pertaining to identity theft and impersonation. Cyber SHO Ranjeet Singh confirmed that forensic teams are analyzing firewall logs, internal access trails, and server activities to trace the origin of the breach.

Implications for India's Cyber Resilience

This breach has highlighted significant vulnerabilities in the cybersecurity infrastructure of private firms operating in sensitive sectors. While industries such as banking have been pushed to invest heavily in digital security, logistics, healthcare, and travel sectors remain underprotected despite handling highly personal information.

Cybersecurity expert Ritesh Bhatia warned, “When threat actors gain access to relocation data of senior officials, the misuse potential is staggering—from phishing and identity fraud to geopolitical surveillance. This incident shows why India urgently needs mandatory cybersecurity standards for private firms servicing high-risk clients.”

The number of individuals affected by the breach remains undisclosed, but sources suggest it could run into hundreds. The incident is expected to push regulatory bodies to revisit the Digital Personal Data Protection Act (DPDP), 2023, and possibly expedite rules for mandatory breach disclosures and proactive threat monitoring.

As the digital investigation continues, APML has stated that it is cooperating fully with law enforcement and taking immediate steps to bolster its internal cybersecurity framework.

Read out more similar articles: DPDP Consultants