Eight men from the North-West have been found guilty of unlawfully accessing and obtaining people’s personal data from vehicle repair garages to generate potential leads for personal injury claims, following the UK’s largest ever nuisance call investigation.
The verdict follows a 10-week trial and an extensive investigation by the Information Commissioner’s Office, during which the regulator claims to have seized the widest body of evidence it has ever seen, demonstrating the misuse of people’s personal details. This data was ultimately used to make nuisance calls to try to persuade people to make personal injury claims.
A jury at Bolton Crown Court this week found Craig Cornick, 40, of Prestbury, guilty of conspiracy to unlawfully obtain personal data contrary to the Data Protection Act.
Earlier in the month, the jury returned a not guilty verdict for Cornick and Thomas Daly, 35, of Macclesfield, for a charge of conspiracy to access computer systems without authority contrary to the Computer Misuse Act.
Daly had previously pleaded guilty to two counts of conspiracy to unlawfully obtain personal data.
Cornick and Daly join six other men who had all previously pleaded guilty to a range of offences.
Vincent McCartan, 30, of Failsworth, pleaded guilty to conspiracy to unlawfully obtain personal data contrary to the Data Protection Act and conspiracy to secure unauthorised access to data held on computer systems contrary to the Computer Misuse Act.
Ian Flanagan, 40, of Macclesfield, pleaded guilty to conspiracy to unlawfully obtain personal data contrary to the Data Protection Act and conspiracy to secure unauthorised access to data held on computer systems contrary to the Computer Misuse Act.
Mark Preece, 44, of Manchester, pleaded guilty to conspiracy to unlawfully obtain personal data contrary to the Data Protection Act and conspiracy to secure unauthorised access to data held on computer systems contrary to the Computer Misuse Act.
Kiernan Thorlby, 35, of Macclesfield, pleaded guilty to conspiracy to unlawfully obtain personal data contrary to the Data Protection Act and conspiracy to secure unauthorised access to data held on computer systems contrary to the Computer Misuse Act.
Fahad Moktadir, 32, of Stockport, pleaded guilty to conspiracy to unlawfully obtain personal data contrary to the Data Protection Act.
And, finally, Adam Crompton, 35, of Northwich, pleaded guilty to two counts of conspiracy to unlawfully obtain personal data contrary to the Data Protection Act.
All the defendants are due to return to court on July 11, where it is proposed Proceeds of Crime Act and cost issues will be discussed, with sentencing following at a later date.
The ICO actually started this investigation in 2016 when the owner of a car repair garage in County Durham contacted the regulator, saying he was worried his customers blamed him for the nuisance calls they were receiving about personal injury claims.
From this first initial complaint, the investigation snowballed into one of the largest nuisance call cases the ICO has ever dealt with, resulting in a wealth of evidence that demonstrated misuses of personal data for the purpose of making calls relating to personal injury claims.
After identifying the people involved, the ICO’s investigations team conducted nine warrants in the Manchester and Macclesfield areas. The devices seized under search warrant contained 241,000 emails, 4.5 million documents,144,000 spreadsheets,1.5 million images and 83,000 multimedia files.
The defendants were found to have conspired together between 2014 and 2017, where they accessed or obtained personal data of people from vehicle repair garages without their consent. Approximately one million records were accessed by the defendants convicted of an offence under the Computer Misuse Act.
This data was then sold onto claims management firms hoping to generate potential leads for personal injury claims.
The ICO has an ongoing second phase of its investigation and anticipates further prosecutions of people embedded into insurance companies and claims management companies with the sole aim of stealing personal data.
ICO head of investigations Andy Curry said: “Most of us have had nuisance calls asking if we’ve been in a crash. At best they’re annoying but at worst they cause real upset and fear, especially to vulnerable people, and have a real impact on the businesses affected.
“This case uncovered a vast, murky criminal network where crash details were stolen from garages across England, Scotland and Wales and traded to fuel distressing predatory calls. This has been an enormous and complex case which has seen ICO staff use both technical expertise and investigative skills to work tirelessly to track down those responsible and hold them accountable on behalf of the public.”
Related stories
Former RAC staff sentenced for pilfering car crash data
Smash ‘n’ grab: Car rental man sentenced for data theft
Ex-RAC staffer caught red-handed with car crash data
Eight Brits face trial over alleged car crash data ring
Data thief dodges jail but must pay back £25k or else
Jailed car crash data thief ordered to pay back £25,500
Car crash data thief hit with six month prison sentence
Sacked and fined: would-be data thieves warned again
