Security News > 2021 > January > Unauthorised RAC staffer harvested customer details then sold them to accident claims management company
An employee at emergency roadside rescue biz RAC has received an eight-month suspended prison sentence for unsanctioned access to computer systems that saw her sell customers' data to an accident claims management company.
Kim Doyle pleaded guilty to charges of conspiracy to secure unauthorised access to computer data and cashing in on RAC punters' personal information that she passed to William Shaw, director of TMS, trading as LIS Claims.
Shaw, 32, of Flixton Road, Urmston, near Manchester, also pleaded guilty to conspiracy to secure unauthorised access to computer data, and saw his sentence suspended for two years following an investigation and case brought by the Information Commissioner's Officer, the UK data watchdog.
That driver had been in an accident and the RAC carried out the recovery of the vehicle, raising suspicions of a data leak at RAC. The RAC then ran a data leakage scan of its Outlook mailboxes and discovered a trail that led it to find Doyle's unauthorised lists of customer data.
"People's data is being accessed without consent and businesses are putting resources into tracking down criminals. Once the data is in the hands of claims management companies, people are subjected to unwanted calls which can in turn lead to fraudulent personal injury claims," said Shaw.
The RAC told The Register: "We take our responsibility for protecting personal data extremely seriously and take a zero-tolerance approach to any misuse of personal data. As such, we worked closely with the Information Commissioner's Office, both before and during its investigation." .