Two legal cases have exposed the huge gulf between how US and UK courts punish data thefts, with an American man being banged up for nearly a decade, while a Brit has escaped with a paltry £1,000 fine.
In a case which is likely to make UK Information Commissioner Christopher Graham green with envy, Cameron Harrison of Augusta, Georgia, was sentenced to more than nine years for buying stolen credit and debit card numbers from an underground online marketplace.
Harrison was one of 55 people charged in four indictments related to Carder.su, a marketplace for stolen ID documents, stolen bank account information and payment card data.
He was caught after he purchased a counterfeit Georgia driver’s licence from an undercover agent on Carder.su. He has also been ordered to pay a staggering $50.8m in damages.
Although less serious, earlier this week a company director from Yorkshire escaped with a fine of just under a £1,000 after being found guilty of stealing the records of 1,066 Everything Everywhere customers to offer them upgrades from his own mobile phone company.
Matthew Devlin from Halifax had impersonated a member of Orange’s security team during calls and emails to legitimate mobile phone distributors, to obtain passwords and login details to their customer database. He was fined £500, plus £438.63 costs and an £50 victim surcharge at Calderdale Magistrates’ Court.
Following the case, Christopher Graham said: “Fines like this are no deterrent. Our personal details are worth serious money to rogue operators. If we don’t want people to steal our personal details or buy and sell them as they like, then we need to show them how serious we are taking this. And that means the prospect of prison for the most serious cases.”
Related stories
Fresh blow to bang up data thieves
Govt investigates stiffer data fines
MPs back ‘lock up data thieves’ call
Graham: ‘Bang up data thieves’
Retailers in blue-chip hacking probe
ICO stands firm on blue-chip theft
ICO to probe rogue private eyes
Data security expose hits top firms
Lenient data theft sentence vilified
Stiff US sentence exposes pathetic UK data laws http://t.co/U659ZbrnzF #dataprotection #digitalmarketing #dataprivacy