Ex-RAC staffer caught red-handed with car crash data

A get rich quick plan hatched by a former employee of the RAC has been nipped in the bud after he pleaded guilty to stealing the personal data of victims of road traffic accidents which the organisation had handled.

Asif Iqbal Khan, 42, was working for the RAC as a customer solutions specialist. Over a single month in 2019, the RAC had received 21 complaints from suspicious drivers who received calls from claims management companies following accidents for which it had provided rescue services.

A swift review of individuals who had accessed these claims found that Khan was the only employee to access all 21. An internal RAC investigation later reported suspicious behaviour from Khan, including taking photos of his computer screen with his phone.

A search warrant, executed by the Information Commissioner’s Office, seized two phones from Khan and a customer receipt for £12,000. The phones contained photos of data relating to over 100 road incidents.

Hapless Khan pleaded guilty to two counts of stealing data in breach of Section 170 of the Data Protection Act 2018, when he appeared at Dudley Magistrates Court late last month.

However, he was fined just £5,000 although he was also ordered to pay a victim surcharge and court costs.

Khan is the second RAC employee to have been found guilty of such misdemeanors. Kim Doyle of Higher Whitley in Cheshire was found guilty of a similar charge in 2021, although she was prosecuted under Section 1 of the Computer Misuse Act; she was ordered to pay £25,000 or face three months’ imprisonment if it had not been not paid within three months.

The first person to be charged under that legislation was former Nationwide Accident Repair Service employee Mustafa Kasim. He was sentenced to six months in prison in 2018, after pleading guilty to stealing thousands of customer records and selling them on to rogue claims firms. He was also ordered to pay back £25,500 in a confiscation order.

Meanwhile, in August last year, the ICO launched criminal proceedings against eight individuals over the alleged unlawful accessing and obtaining of consumers’ personal data from vehicle repair garages to generate potential leads for personal injury claims. This case has yet to come to court.

ICO director of investigations Stephen Eckersley said:”Being involved in a road traffic accident can be deeply distressing – to then have this used and your data stolen as a result, adds insult to injury.

“We know that receiving nuisance calls can be hugely frustrating and people often wonder how these companies got their details in the first place.

“This case shows one such way that it happens. But also shows that those who do this crime will be caught, will be convicted and justice will be served.”