The UK’s data protection regulator has launched criminal proceedings against eight individuals suspected of conspiring to steal personal data from vehicle repair garages.
The information is related to hundreds of thousands of individuals involved in road traffic accidents and was taken without the consent of the garages involved, according to the Information Commissioner’s Office (ICO).
The alleged activity took place between December 01, 2014 and November 30, 2017.
The defendants will now face prosecution for conspiring to commit an offence under section 1 of the Computer Misuse Act 1990, which means they’ve been accused of unlawful accessing of personal data held on computers. They have also been accused of committing an offence under section 55 of the Data Protection Act 1998, related to allegedly obtaining personal data unlawfully.
The ICO claimed the eight stole the data in order to generate potential leads for personal injury insurance claims.
The regulator’s involvement in criminal proceedings of this nature is not without precedent but is still relatively rare. It said the prosecution follows “a complex and wide-ranging criminal investigation” by the ICO.
The first similar case prosecuted by the ICO was back in 2018 and was also linked to vehicle repair companies.
In that case, an individual working for Nationwide Accident Repair Services (NARS) is said to have used his colleague’s log-ins to access thousands of customer records without permission. The man, Mustafa Kasim, continued to do so even after moving to another firm which used the same IT system.
It wasn’t immediately clear what the end goal for Kasim was, although the ICO was alerted to the incident after NARS noted an increase in customer complaints about nuisance calls, suggesting their personal data had been sold on to a third party.