RAC duo busted for stealing and selling crash victims' data
Roadside assistance biz praised for deploying security monitoring software and reporting workers to cops
Two former workers at roadside assistance provider RAC were this week given suspended sentences after illegally copying and selling tens of thousands of lines of personal data on people involved in accidents.
Debbie Okparavero, 61, of Salford, and Maliha Islam, 51, of Manchester, had worked as customer services specialists at RAC's call center in Stretford until their "unlawful conduct" was spotted by the company and subsequently reported to the Information Commissioner's Office (ICO).
The RAC had installed unspecified security monitoring software, which showed Okparavero accessing and copying "personal information relating to people involved in road traffic accidents." A search of Okparavero's mobile phone revealed the data was then shared with Islam in a WhatsApp chat.
Some 29,500 lines of personal information were exposed, according to the ICO, Britain's data regulator. The chat messages shared between the pair suggested an unknown third party was paying for that data.
The two were handed six-month prison sentences, suspended for 18 months, and ordered to undertake 150 hours of community service at a Minshull Street Crown Court hearing on October 8. Both Okparavero and Islam pleaded guilty to offences under the Computer Misuse Act 1990 and Data Protection Act 2018.
- Northern Ireland cops whose info was leaked in 2023 may get £240M+ damages
- The fingerpointing starts as cyber incident at London transport body continues
- UK health services call-handling vendor faces $7.7M fine over 2022 ransomware attack
- UK Electoral Commission slapped for basic cybersecurity fails
According to the ICO, prosecution costs will be considered at a Proceeds of Crime hearing scheduled for March 5, 2025. Andy Curry, head of ICO investigations, said in a statement: "Accessing people's personal information when there isn't a business need to do so is against the law. To then take steps to profit from other people's misfortune by selling that information is appalling. We will always take action to protect the public from this type of unlawful behavior."
The ICO praised the RAC for its "swift action in bringing this breach to our attention enabling us to ensure justice was served."
The Register asked the RAC for comment but it had nothing to add.
RAC employees have been involved in similar criminal activities before. In 2021, an ex-staffer pleaded guilty to charges of unsanctioned access to computer systems and selling that data to an accident claims management company, while in February last year, the ICO highlighted another former RAC worker involved in a copycat incident. ®