Data thief dodges jail but must pay back £25k or else

crash1A former RAC employee, who stole the personal data of customers involved in traffic accidents and then flogged the information to an accident claims management firm, has been whacked with an eight-month suspended prison sentence.

Over a two-year period, Kim Doyle of Higher Whitley in Cheshire transferred the data – including partial names, mobile phone numbers and registration numbers – to William Shaw, the director of an accident claims management firm, TMS (Stratosphere), trading as LIS Claims.

The offence came to light when Arval, a fleet management company, alerted the RAC to nuisance calls to one of its drivers about an accident he had been involved in. Arval suspected there may have been a data leak from the RAC, which had carried out recovery of their driver’s vehicle.

This prompted the RAC to perform a data leakage scan of its Outlook mailboxes, which unearthed details that led the company to discover Doyle had been compiling unauthorised lists of data.

The Information Commissioner’s Office then brought a prosecution under Section 1 of the Computer Misuse Act, which refers to causing a computer to perform a function with intent to secure access to any program or data held on that computer; it carries a custodial sentence of up to two years.

Doyle, who late last week pleaded guilty to charges of conspiracy to secure unauthorised access to computer data, and to selling unlawfully obtained personal data, may have escaped jail for now, with her sentence suspended for two years. However, Doyle must pay a benefit figure of £25,000 or face three months’ imprisonment if it is not paid within three months, under a Confiscation Order.

Shaw, of Urmston in Greater Manchester, also pleaded guilty and was sentenced to eight months’ imprisonment, suspended for two years. He must pay a benefit figure of £15,000 or also face three months in the slammer.

Mike Shaw, who heads up the Criminal Investigations Team at the ICO, said: “Those who believe that this is a victimless crime without consequences, need to think again. These criminal acts have a detrimental impact on the public and businesses.

“People’s data is being accessed without consent and businesses are putting resources into tracking down criminals. Once the data is in the hands of claims management companies, people are subjected to unwanted calls which can in turn lead to fraudulent personal injury claims.

“Offenders must know that we will use all the tools at our disposal to protect people’s information and prevent it from being used to make nuisance calls.

“This case shows that we can, and will take action, and that could lead to a prison sentence for those responsible. Where appropriate we will work with partner agencies to make full use of the Proceeds of Crime Act to ensure that criminals do not benefit financially from their criminal behaviour.”

Doyle and Shaw were also each ordered to carry out 100 hours unpaid work and contribute £1,000 costs.

Throughout the investigation the ICO worked with the RAC, The Insurance Fraud Bureau and affected insurance companies, including Aviva.

This is the ICO’s second prosecution under Section 1 of the Computer Misuse Act. In November 2018, former Nationwide Accident Repair Service employee Mustafa Kasim was sentenced to six months in prison, after pleading guilty to stealing thousands of customer records and selling them on to rogue claims firms.

The court heard how Kasim used his colleagues’ log-in details to access a software system that estimates the cost of vehicle repairs, known as Audatex. He continued to access the data even when he started a new job at a different car repair organisation which used the same software system. The records contained customers’ names, phone numbers, vehicle and accident information.

Kasim was also ordered to pay back £25,500 in a confiscation order.

Related stories
Jailed car crash data thief ordered to pay back £25,500
Car crash data thief hit with six month prison sentence
Sacked and fined: would-be data thieves warned again
Bent copper gets five years for car crash data theft
Swansea call centre boss is jailed for energy bill fraud
Loyalty scheme chief gets 16 months for £200k fraud
TPS swindler banged up for 5 years for £600k fraud