This guide is written for practical orientation. The correct legal response depends on the documents, transaction trail, police station, complaint stage, devices involved and the specific allegations.
Common red flags
- Mass download from Git, cloud drive or CRM
- Unusual USB, email forwarding or personal cloud sync
- Client database export before resignation
- Access to restricted code repositories or admin accounts
- Competing business using similar code, workflows or customer lists
Evidence to preserve
- Repository logs, commit history and access records
- Endpoint images and USB artefacts
- Email headers, forwarding rules and cloud logs
- Employment contracts, confidentiality clauses and exit records
- Comparison reports for copied code or database structure
Legal routes
- Internal forensic investigation
- Police complaint or FIR in serious cases
- Civil injunction and confidentiality action
- Preservation notices to employees, vendors and platforms
- Client communication and damage assessment
Frequently asked questions
Can source code theft be treated as cyber crime?
Depending on access, copying, authorisation, intent and use, source code theft may raise cyber crime, IP, confidentiality and civil claims.
Should a company confront the employee immediately?
Not before preserving evidence. Premature confrontation may lead to deletion, device formatting or loss of logs.
Can deleted files prove data theft?
Forensic artefacts, logs, metadata and cloud records may help reconstruct activity, depending on preservation timing.
Is a civil suit enough for employee data theft?
Some cases require civil remedies, some require criminal complaint, and some require both. Strategy depends on facts and objectives.