Introduction:

In a significant Public Interest Litigation (PIL), the Bombay High Court addressed concerns regarding cyber-attacks targeting the official websites of the Maharashtra government and its departments. The case, Ruzbeh Dossabhoy Raja vs. State of Maharashtra & Ors. (PIL/23/2025), was filed by an Information Technology Consultant and Visiting Professor of Law, highlighting the vulnerabilities of government websites due to inadequate cybersecurity measures. The petitioner asserted that cybercriminals had compromised these websites, leading unsuspecting users to fraudulent platforms that collected their personal information. The division bench, comprising Chief Justice Alok Aradhe and Justice Bharati Dangre, acknowledged the necessity of strengthening cybersecurity and disposed of the petition while granting the petitioner the liberty to submit his suggestions to the relevant authorities. The Court emphasised that the Maharashtra Cyber Department and the Mumbai Police Cyber Crime Division should take necessary steps to implement feasible recommendations to safeguard government websites from cyber threats.

Arguments of Both Sides:

The petitioner, appearing as an expert in Information Technology and cybersecurity, contended that government websites lacked robust security infrastructure, making them vulnerable to cyber-attacks. He pointed out that due to poor monitoring and outdated security protocols, several websites had been infiltrated by malicious software. These infiltrations resulted in visitors being redirected to gambling platforms, exposing them to potential data theft. The petitioner argued that such cybersecurity breaches posed a grave risk to the personal data of citizens who interacted with government portals for various services. He sought directions from the Court to compel the state government to enhance security measures, block infected websites, and initiate criminal proceedings against perpetrators responsible for these cyber-attacks. Additionally, he expressed his willingness to offer expert advice and formulate preventive strategies to protect government digital assets.

The Maharashtra Cyber Department and the Mumbai Police Cyber Crime Division, represented by their legal counsel, acknowledged the importance of cybersecurity and agreed to consider expert suggestions from the petitioner. They assured the Court that upon receiving the proposal, they would evaluate its feasibility and implement appropriate measures to enhance cyber resilience. The authorities also emphasised that cybersecurity policies were continuously evolving and required specialised input to counter emerging threats effectively. However, they maintained that law enforcement agencies were already working towards addressing cyber vulnerabilities and taking steps to mitigate risks associated with online threats. They assured that FIRs would be registered where necessary and investigations would be conducted to identify and apprehend those responsible for the cyber breaches.

Court’s Judgment:

After hearing both sides, the Bombay High Court recognised the importance of safeguarding government websites from cyber threats. The division bench noted that cybersecurity concerns were legitimate and that proactive measures must be adopted to prevent unauthorised intrusions. The Court appreciated the petitioner’s willingness to contribute his expertise and observed that collaborative efforts between experts and government authorities could significantly enhance cybersecurity frameworks. The bench held that while the state authorities were responsible for protecting government websites, they should remain open to external inputs from specialists who could provide valuable insights into combating cybercrime.

The Court observed that cybersecurity lapses could have far-reaching consequences, including data breaches, financial fraud, and risks to national security. Given the increasing sophistication of cyber threats, the Court emphasised the necessity for a multi-pronged approach that included constant monitoring, upgrading security protocols, and strict enforcement of cyber laws. However, rather than issuing direct orders for implementation, the Court found it appropriate to grant the petitioner liberty to submit a detailed proposal to the Maharashtra Cyber Department and the Mumbai Police Cyber Crime Division. The Court directed the concerned authorities to evaluate the suggestions and take effective measures to implement feasible recommendations to fortify government websites against cyber-attacks.

The Court disposed of the PIL while reaffirming the responsibility of the state government to take necessary precautions to prevent future cyber incidents. It further clarified that any steps taken by the authorities should be based on expert inputs and global best practices in cybersecurity. The Court encouraged collaboration between cybersecurity professionals and government agencies to ensure that public digital infrastructure remains secure from evolving threats.