Motor industry employee fined £25,500 for personal data theft that lasted years

Motor industry employee fined £25,500 for personal data theft that lasted years

Motor industry employee fined £25,500 for personal data theft that lasted years

The Wood Green Crown Court in London has fined a former motor industry employee named Mustafa Kasim £25,500 under the Proceeds of Crime Act 2002 and has also ordered him to pay £8,000 in costs for accessing “thousands of customer records containing personal data without permission”.
In November last year, Mustafa was awarded a six-month prison sentence at Wood Green Crown Court in the first prosecution brought by the Information Commissioner’s Office under the Computer Misuse Act 1990. The prison sentence was awarded after Kasim pleaded guilty for accessing “thousands of customer records containing personal data without permission”.
According to the ICO, Kasim gained access to such data by using the login credentials of a colleague to access a software system known as Audatex which estimates the cost of vehicle repairs. ICO was made aware of such unauthorised access by his employer Nationwide Accident Repair Services (NARS) after the firm received complaints of nuisance calls from customers.
ICO added that Kasim continued to use the software and accessed thousands of customer records even after starting a new job at a different car repair organisation which used the same software system. Personal records collected by him without obtaining prior authorisation included customers’ names, phone numbers, vehicle, and accident information.

Wood Green Crown Court issues £25,500 fine under POCA

Earlier today, ICO said that after satisfying itself that Kasim benefited from thousands of pounds as a result of the theft of personal data, Wood Green Crown Court ordered him to pay a £25,500 confiscation order under the Proceeds of Crime Act 2002 and also ordered him to pay a further £8,000 in costs.
“Our investigations found that Mr Kasim had benefitted financially from his illegal activity. As a result of his activities, people whose data had been stolen received cold calls and his former employer faced huge remedial costs,” said Mike Shaw, Group Manager Enforcement at the ICO.
“Personal data obtained in this way can be a valuable commodity and selling it may seem like an easy way to make money but the penalties can be severe. The outcome of this case should serve as a deterrent to others,” he added.
Following Kasim’s imprisonment in November last year, both Nationwide Accident Repair Services and Audatex put appropriate technical and organisational measures in place to ensure that unauthorised personnel could not gain access to the software or to personal data of customers using stolen credentials.
ALSO READ: MD of accidental claims firm made £1.5m by selling personal data of accident victims

Copyright Lyonsdown Limited 2021

Top Articles

RockYou2021 data leak: 8.4 billion passwords compromised

A report shows that 100GB of data which includes 8.4 billion passwords have been recently leaked on the internet, people are being encouraged to secure their accounts.

Hackers Breach Electronic Arts & Steal Game Code

Electronic Arts, one of the world's biggest video game publishers including games such as FIFA, Madden, Sims and Medal of Honor, are the latest company to be hacked.

JBS Foods paid £7.7m in ransom to REvil ransomware gang

JBS Foods, the world’s largest processor of beef and poultry products, has admitted to paying a ransom of $11 million to cyber criminals, a week after it announced that operations…

Related Articles

[s2Member-Login login_redirect=”https://www.teiss.co.uk” /]