Font Size

Customer Data Thieves Made to Pay

 By

The Information Commissioner’s Office

Computer/Internet/Software Articles
Submit Articles   Back to Articles

Issued on 10 June 2011

Customer data thieves made to pay £73,700

Two former employees of UK mobile operator T-Mobile who illegally stole and sold select customer data from the company in 2008 have today been ordered to pay a total of £73,700 in fines and confiscation costs as part of a hearing at Chester Crown Court.

David Turley and Darren Hames pleaded guilty to offences under Section 55 of the Data Protection Act (DPA) last year. The pair’s offences were uncovered after T-Mobile identified an issue and turned the matter over to the ICO to help investigate how names, addresses, telephone numbers and customer contract end dates were being unlawfully passed on to third parties.

David Turley, who pleaded guilty to 18 offences under Section 55 of the DPA in July 2010, has today been ordered to pay £45,000 confiscation costs and been given a three year conditional discharge. If he does not pay the confiscation costs within six months he will serve an 18 month prison sentence by default.

Darren Hames, who pleaded guilty to two offences under section 55 of the DPA last November, has been ordered to pay £28,700 confiscation costs, £500 towards prosecution costs and been given an 18 month conditional discharge. If he does not pay the confiscation costs within six months he will serve a 15 month prison sentence by default.

Information Commissioner, Christopher Graham, said:

“Today’s hearing marks the final chapter in an investigation that has exposed the criminals behind a mass illegal trade in lucrative mobile phone contract information. It also marks a new chapter of effective deterrents on data crime where the courts will act to recover the ill-gotten gains.

“Those who have regular access to thousands of customer details may think that attempts to use it for personal gain will go undetected. But this case shows that there is always an audit trail and my office will do everything in its power to uncover it. The lifestyle the pair gained from their criminal activities has been short lived and I hope this case serves as a strong deterrent to others. I am particularly grateful to T-Mobile for their help in this investigation.”

The ICO’s investigation into the case began in December 2008. A chronology report detailing key information about the investigation and how Hames and Turley were brought to justice is now available on the ICO’s website.

The Proceeds of Crime Act is the legislation, which provides for the recovery of the proceeds from crime. This case is the first time the ICO has applied for and been granted use of confiscation orders. Under the Act, a proportion of any money recovered is given to the prosecuting authority to be used in the prevention and detection of crime The ICO will use its proportion of the money to fund training for its investigation staff.

Current or former mobile phone customers who are receiving unwanted marketing information or calls about their mobile phone contract should tell the sender to stop contacting them and register with the Telephone Preference Service. Customers who receive persistent unwanted marketing calls, text messages, emails or letters can complain to the ICO by calling our helpline on 0303 123 1113 or visiting our website at www.ico.gov.uk.

Notes    

  1. The case summary is available on the ICO website at: http://www.ico.gov.uk/~/media/documents/library/Data_Protection/Notices/tmobile_summary.pdf
  2. The Information Commissioner’s Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
  3. The ICO has specific responsibilities set out in the Data Protection Act 1998, the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.
  4. .The ICO is on Twitter, Facebook and LinkedIn, and produces a monthly e-newsletter. Our For the media page provides more information for journalists.
  5. Anyone who processes personal information must comply with eight principles of the Data Protection Act, which make sure that personal information is:
  •    Fairly and lawfully processed
  •    Processed for limited purposes
  •    Adequate, relevant and not excessive
  •    Accurate and up to date
  •    Not kept for longer than is necessary
  •    Processed in line with your rights
  •    Secure
  •    Not transferred to other countries without adequate protection

About the Author

The Information Commissioner’s Office is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. We do this by promoting good practice, ruling on complaints, providing information to individuals and organisations and taking appropriate action when the law is broken.

The ICO enforces and oversees the following legislation:

  •  Data Protection Act 1998
  •  Freedom of Information Act 2000
  •  Privacy and Electronic Communications Regulations 2003
  •  Environmental Information Regulations 2004


Follow us @Scopulus_News

Article Published/Sorted/Amended on Scopulus 2011-06-12 09:17:43 in Computer Articles

All Articles

Copyright © 2004-2019 Scopulus Limited. All rights reserved.