Summary
CA associations are demanding urgent action from the Finance Ministry. Here’s what happened and how taxpayers can stay safe.
GST Data Leak Scam: What Happened?
According to recent reports and verified CA associations, third-party agents were found selling GST registration and return filing data on WhatsApp and Telegram, exposing serious lapses in data security.
How Was the GST Data Misused?
Here’s what was reportedly happening:
- Fake email IDs and mobile numbers used during GST registration
- Targeted calls and fraud SMS to traders, impersonating GST officials
- Data shared via spreadsheets in bulk on illegal messaging groups
CA Associations React: Demands to Finance Ministry
Leading Chartered Accountant associations have:
- Written to the Finance Minister, demanding an official inquiry
- Requested a forensic audit of GSTN access logs
- Asked for stricter API-based data access protocols
- Urged CBDT and CBIC to trace IPs and mobile connections involved
- Called for criminal prosecution of those responsible
💡 Expert View:
“If such leaks go unpunished, it erodes trust in GST systems. APIs and OTP verifications must be tightened immediately.” – CA Arvind Sharma, Tax Consultant
Legal Provisions Likely Invoked
The scam may violate:
- Section 72 of the IT Act, 2000 – breach of confidentiality
- Sections 43A & 66E – unauthorized access and misuse of data
- Indian Penal Code (IPC) – identity theft and cheating
- Section 132 of CGST Act – fraudulent intent under GST law
How Can Traders and Taxpayers Stay Safe?
Here’s a practical checklist:
- ✅ Register GST using your own email ID and mobile number
- ✅ Avoid sharing GST login credentials with third-party agents
- ✅ Enable 2-factor authentication on all GST platforms
- ✅ Use verified GST filing portals (like Efiletax.in)
- ✅ Cross-check GSTR filings and contact details monthly
- ✅ File a complaint if you suspect data misuse
Related Government Steps & Clarifications
- In past CBIC advisories, multiple alerts have been issued regarding GST fraud via phishing or fake notices
- GSTN has been asked to review API and GSP access immediately
- Public awareness drives are being planned in association with ICAI and trade bodies
🔗 Read CBIC’s official advisories
FAQs on GST Data Security
Q1. Can I change my email/mobile on GST portal?
Yes. Login to GSTN → Services → Amend Registration → Core Field → Contact Details.
Q2. Is it legal for third parties to file GST using my login?
Only if you’ve authorized them through a Letter of Authorization or DSC.
Q3. What to do if I find my GST data shared online?
Report it to GSTN Helpdesk and file a complaint with your local Cyber Cell.
Final Word
The GST data leak scam has shaken the taxpayer community. Efiletax urges all business owners and consultants to be vigilant, update their contact details, and use only trusted platforms for GST compliance. Data security is not optional — it’s a legal and financial necessity.