Rogue businesses which engage in “data farming” have been warned to expect a knock on the door after UK authorities carried out raids on two addresses in Liverpool as part of a major probe into the acquisition and sale of illegally obtained personal data.
Following a six month investigation by the Information Commissioner’s Office and the Insurance Fraud Bureau, two teams of ICO enforcement officers executed search warrants at a business and a residential address to seize computer equipment and documents which will be analysed for evidence.
The business, which is understood to have been in operation since November 2017, is suspected of illegally obtaining personal data and then selling it on to personal injury claims companies.
The ICO and IFB believe the firm has been carrying out high volumes of so-called vishing attacks, in which scammers cold call individuals to try to get them to hand over their personal information.
ICO group manager of enforcement Mike Shaw said: “Today’s searches will fire a warning shot to businesses who operate outside the law by engaging in data farming. The evidence seized will help us identify any illegal business activities and assist us to take enforcement action.”
The ICO usually prosecutes cases like this under the Data Protection Act 1998 or 2018, depending on the individual case. However, in appropriate cases, it can prosecute under under the Computer Misuse Act, which can lead to a custodial sentence.
In November, a former employee of Nationwide Accident Repair Services was sentenced to six months in prison after pleading guilty to stealing thousands of customer records and selling them on to rogue claims firms.
Gang of four sentenced over Axa Insurance data theft
Car crash data thief hit with six month prison sentence
Sacked and fined: would-be data thieves warned again
Bent copper gets five years for car crash data theft