There is definitely more that needs to be done to ensure proprietary data is not accessible by people outside the US jurisdiction. However, Indian law enforcement does vigorously purpose malicious, data stealing, perpetrators in India since the government there does not want this to become a problem that will prevent additional off-shoring. For the most part, impersonation crime is committed by Americans against Americans (or at least by people on American soil).
" Indian law enforcement does vigorously purpose malicious, data .."
So? Should I have a problem do I or do I not have legal recourse? I do not. Our laws are not enforceable in India and I do not have the resources to sue much less collect in India. Therefore, personal information is NOT protected once in Indian hands. The fact is that I give companies my information under the protection of US law. Should they give that information to someone not under US law they have violated our contract and I should be able to sue them.