Unauthorised RAC staffer harvested customer details then sold them to accident claims management company

8-month suspended sentence for conspiracy to secure unauthorised access to computer data


An employee at emergency roadside rescue biz RAC has received an eight-month suspended prison sentence for unsanctioned access to computer systems that saw her sell customers' data to an accident claims management company.

Kim Doyle pleaded guilty to charges of conspiracy to secure unauthorised access to computer data and cashing in on RAC punters' personal information that she passed to William Shaw, director of TMS (Stratosphere), trading as LIS Claims. Doyle was sentenced at Manchester Crown Court on Friday, 8 January.

The court heard that Doyle, 33, of Village Lane, Higher Whitley, North West England, generated lists of data on road traffic accidents, including partial names, mobile phone numbers and registration numbers, even though she was not given consent by the RAC to do so.

Shaw, 32, of Flixton Road, Urmston, near Manchester, also pleaded guilty to conspiracy to secure unauthorised access to computer data, and saw his sentence suspended for two years following an investigation and case brought by the Information Commissioner's Office (ICO), the UK data watchdog.

The ICO said there is evidence that the information sold to LIS Claims was subsequently used to make nuisance calls, one of which reached a driver at fleet management company Arval. That driver had been in an accident and the RAC carried out the recovery of the vehicle, raising suspicions of a data leak at RAC.

The RAC then ran a data leakage scan of its Outlook mailboxes and discovered a trail that led it to find Doyle's unauthorised lists of customer data.

Mike Shaw, head of criminal investigations at the ICO, issued a canned statement, saying offences like this are not victimless crimes as they have a "detrimental impact" on the public and businesses.

"People's data is being accessed without consent and businesses are putting resources into tracking down criminals. Once the data is in the hands of claims management companies, people are subjected to unwanted calls which can in turn lead to fraudulent personal injury claims," said Shaw.

"This case shows that we can, and will take action, and that could lead to a prison sentence for those responsible. Where appropriate we will work with partner agencies to make full use of the Proceeds of Crime Act to ensure that criminals do not benefit financially from their criminal behaviour."

The court has issued a Confiscation Order under which Doyle must pay £25,000, and Shaw has been ordered to cough up £15,000, both within three months. Should they fail to pay these sums they will be jailed for three months.

Both were also ordered to carry out 100 hours of unpaid work and contribute £1,000 towards costs.

The RAC told The Register: "We take our responsibility for protecting personal data extremely seriously and take a zero-tolerance approach to any misuse of personal data. As such, we worked closely with the Information Commissioner's Office, both before and during its investigation." ®
