Authorities are treating the matter as a serious breach of personal data integrity linked to financial fraud. After receiving the tax notice citing transactions exceeding Rs 10 crore, the CRPF jawan verified that he had never initiated any business activity. This confirmation made clear that third-party actors obtained his identity details and used them to float a shell enterprise. Income Tax Department officials flagged the case once the discrepancy surfaced, prompting police to register an offence and initiate coordinated inquiry steps.
Preliminary checks by the cyber unit indicate that the suspected network relied on online business registration systems and digital banking channels to operate without physical presence. The routine threshold checks in incorporation processes did not generate alerts, suggesting systematic exploitation of procedural gaps. Investigators noted that PAN-based verification remains a core requirement for company registration, tax filings, and financial operations. Misuse of such credentials exposes individuals to legal liability and reputational harm while enabling concealment of illicit fund routes.
The Bastar Cyber Cell contacted a firm in Kolkata after tracing digital trails linked to transactions attributed to the fake company. Officers are analysing linked IP logs, banking gateways, and transaction pathways to identify each participant in the chain. They are verifying whether the Kolkata entity served as a facilitator, intermediary, or endpoint within the fraudulent financial circuit. Data requisition notices have been sent to relevant institutions for account statements, KYC documents, and digital audit trails.
Investigators are examining how the PAN details were initially accessed. Possible modes include leakage from financial documents, breach of a digital storage system, or targeted phishing schemes. The probe includes outreach to national tax authorities and cybersecurity units to identify broader patterns and cross-link with similar incidents. Officials indicated that the scale of operations, spanning two financial years, reflects pre-planned activity rather than opportunistic misuse.
The police emphasised the need for vigilance among individuals whose PAN details may be stored across multiple platforms. The incident also highlights systemic risk points in digital incorporation workflows where identity verification depends on uploaded credentials rather than physical authentication. As the investigation progresses, agencies will review regulatory weaknesses and recommend secure validation protocols to prevent criminal infiltration into formal financial systems.
