Your money got hacked from your bank account? Tough luck. You have nowhere to go.

Cyber crime victims of phishing and hacking have been struggling from nearly three years. Rajendra Prasad Yadav’s experience is just one example.

A software professional from Whitefield, Yadav lost Rs 4.14 lakh in phishing in 2010. His online bank account was hacked into and several unauthorised transactions were made. The fraud was such that the money withdrawn from his account was paid to the credit of the same bank at a different branch.

Taking the only remedy as per the IT Act, Yadav filed an application for adjudication before then IT Secretary M N Vidyashankar. The IT Secretary’s order in 2011 held that his complaint was ‘not sustainable’ as a corporate company or a bank cannot filed a complaint as per the IT Act amendment in 2008.

Similar orders were passed in other cases also which essentially let the banks off the hook.

“The term used in Section 43 of the act is ‘person’ and the Adjudicator (IT Secretary) has stated that a body or corporate company, such as bank, does not come under the definition of ‘person’. This order denied access to both civil and criminal liabilities to almost all cyber crime victims in the state. This also means that no company, including Infosys or Wipro, could file a case of hacking, unauthorised access, denial of access, virus introduction under the Act,” Na Vijayshankar who has been representing several cyber crime victims before the IT Secretary said.

A business enterprise, which lost money in phishing recently petitioned the Karnataka State Human Rights Commission (SHRC) against Vidyashankar’s order and the Commission issued a notice to the present IT Secretary I N S Prasad in March. The matter was referred to the Law Department which confirmed that the order was prima facie defective and the request for review justified.

Prasad issued an order on April 26 cancelling the earlier one and called for a fresh hearing. But the bank concerned moved the Karnataka High Court stating there was no scope for review. The High Court cancelled IT Department order for review of the order and directed the victim to approach the Cyber Appellate Tribunal. But that body has been practically defunct, as it has no chairperson since 2011.