By Anuradha Gandhi, Rachita Thakur and Abhishekta Sharma
Introduction
On July 30, 2025, National Company Law Tribunal (NCLT), Kolkata Bench suspended Video Conferencing (hereinafter referred to VC) hearing with immediate effect as a preventive step due to cybersecurity breach where an unknown perpetrator displayed an inappropriate content during an online proceeding.
The service of virtual hearing will remain suspended until clearance is received from National Informatics Centre (NIC), the premier Information and Communication Technology (ICT) Organization of Government of India.[1]
Background
Video Conferencing emerged as backbone of the courts during the lockdown period which was backed by Supreme Court to bring uniformity and standardization in conduct of VC on April 6, 2020, giving legal sanctity and validity to the court hearings done through VC.[2]
The virtual court link, created on Dec 14, 2022, and last renewed on Oct 23, 2024 was operating under the official email id: kol@nclt.gov.in, serving as a centralized platform for conducting remote hearings and facilitating easy access for lawyers, court officials and others. This link enabled uniform participation in NCLT hearings ensuring continuity of judicial processes supporting legal system and standardized video conferencing system.
Previous similar breaches
The incident, however, is not the first of its kind with similar events reported earlier from other Tribunals and even High Courts. The NCLT Mumbai Bench experienced similar breach on December 12 and 17, 2024 which lead to immediate suspension of video conferencing hearings which required lawyers to appear in-person as an unidentified hacker disrupted proceedings by broadcasting pornography content.[3]
These incidents raises significant concerns about the cybersecurity defenses of government digital platforms and the ease with which virtual courts systems could be compromised without multiple layers of security.
Security and data privacy challenges
Despite the systems renewal less than a year before breach, the attack indicates that the security measures implemented during or after renewal were insufficient to prevent unauthorized access and misuse.
A complaint was registered under Section 66C[4], 66E[5], 67 and 67A[7] of the Information Technology Act, 2000 addressing identity theft, privacy violation and transmission of obscene material at Bidhannagar Cyber Crime PS.
Further the breach also raises data privacy concerns, as unknown individual accessed the VC session using fake profile name and shared inappropriate content on screen interrupting virtual hearing and posing risk to confidentiality and privacy of sensitive legal proceeding. The major issues with this kind of breaches:-
- Compromises confidentiality of case details and participant identities
- Integrity of the hearing process is challenged due to unauthorized interference
- Trust in digital judicial infrastructure weakens.
Impact on ongoing cases and judicial timelines
The suspension service impacted all ongoing cases and judicial timelines as-
- All hearings which would otherwise have been virtually conducted are taking place physically with effect from August 1, 2025.
- The halt in virtual hearings lead to delays and disruptions since parties have to physically attend, leading to scheduling and logistical challenges.
- Until the VC system is restored with enhanced security safeguards, the tribunal will not conduct remote hearings, impacting accessibility for parties who are geographically distant.
Data Privacy Landscape
The developing Data Protection landscape will play an important role in safeguarding collection, processing and management of Personal Information, from ensuring lawfulness and fair processing, implementing strong security measures such as encryption and access controls to limiting data collection to what is necessary. The incidents raises serious questions about upholding the integrity and confidentiality of Personal Information and Sensitive Personal information when integrating technology in Judicial and legal systems. Therefore, reasonable security measures must be adopted by all institutions.
Conclusion
The incident underscore the urgent need for enhanced cybersecurity frameworks, stringent access controls and proactive monitoring in virtual judicial proceedings to protect data privacy, ensure procedural integrity and maintain trust in the judicial system’s digital transformation. The DPDP Act substantially strengthen the safeguards around digital personal data reducing cybersecurity risk through strict security protocols, breach reporting obligations and enhanced individual data privacy.
[1]https://images.assettype.com/barandbench/2025-08-01/z1y4h7nk/NCLT_suspension.pdf
[2]https://doj.gov.in/video-conferencing/
[4]https://www.indiacode.nic.in/show-data?actid=AC_CEN_45_76_00001_200021_1517807324077&orderno=79
[5]https://www.indiacode.nic.in/show-data?actid=AC_CEN_45_76_00001_200021_1517807324077&orderno=81
[6]https://www.indiacode.nic.in/show-data?actid=AC_CEN_45_76_00001_200021_1517807324077&orderno=83