Information Commissioner's Office
Company director fined for illegally accessing mobile phone company’s customer database
A company director has been fined after illegally accessing one of Everything Everywhere’s (EE) customer databases.
Matthew Devlin, 25, from Halifax, Yorkshire, used details of when customers were due a mobile phone upgrade to target them with services offered by his own telecoms companies.
He had impersonated a member of Orange’s security team during calls and emails to legitimate mobile phone distributors, in an attempt to obtain passwords and login details to their customer database. He succeeded on one occasion, and was able to access the records of 1,066 customers.
Devlin, a director of three marketing and telecoms companies, appeared before Calderdale Magistrates’ Court yesterday. He was fined £500, plus £438.63 costs and an £50 victim surcharge.
ICO Head of Enforcement Stephen Eckersley said:
“Personal data is a valuable commodity. Devlin lied and manipulated to access this information for his own profit and now he’s facing a fine and a criminal conviction.
“EE swiftly alerted us to this breach and their security procedures allowed the ICO to identify Devlin as the perpetrator.”
Unlawfully obtaining or accessing personal data is a criminal offence under section 55 of the Data Protection Act 1998. But perpetrators cannot be jailed the offence is punishable by way of ‘fine only’ - up to £5,000 in a Magistrates Court or an unlimited fine in a Crown Court.
Earlier this month deputy PM Nick Clegg backed the ICO’s call for stronger sentencing powers saying, “The penalties that exist at the moment are pathetic.”
Christopher Graham, Information Commissioner, said:
“Fines like this are no deterrent. Our personal details are worth serious money to rogue operators. If we don't want people to steal our personal details or buy and sell them as they like, then we need to show them how serious we are taking this. And that means the prospect of prison for the most serious cases.
Notes to Editors
1. The Information Commissioner’s Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
2. The ICO has specific responsibilities set out in the Data Protection Act 1998, the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.
4. Anyone who processes personal information must comply with eight principles of the Data Protection Act, which make sure that personal information is:
- Fairly and lawfully processed
- Processed for limited purposes
- Adequate, relevant and not excessive
- Accurate and up to date
- Not kept for longer than is necessary
- Processed in line with your rights
- Not transferred to other countries without adequate protection
5. If you need more information, please contact the ICO press office on 0303 123 9070
Latest News from
Information Commissioner's Office
UK Information Commissioner warns against 2024 becoming the year people lose trust in AI06/12/2023 16:25:00
UK Information Commissioner, John Edwards, will today warn that 2024 could be the year people lose trust in AI – and call on tech developers to embed privacy into their products from the very start.
John Edwards speaks at TechUK Digital Ethics Summit 202306/12/2023 15:20:00
Information Commissioner John Edwards’ keynote speech at TechUK’s Digital Ethics Summit 2023, delivered on 6 December 2023.
How data protection law can prevent harm in the housing sector06/12/2023 09:10:00
Blog posted by: Helen Raftery, Head of Data Protection Complaints, 05 December 2023.
We looked into text pests and here's what we found01/12/2023 12:25:00
Blog posted by: Emily Keaney, 29 November 2023.
ICO reprimands council for disclosing domestic abuse victim’s details to ex-partner29/11/2023 16:15:00
The Information Commissioner’s Office (ICO) has issued a reprimand to Charnwood Borough Council after it disclosed the new address of a domestic abuse victim to her ex-partner.
Hospitals urged to improve data protection standards following incident at NHS Fife29/11/2023 09:10:00
The Information Commissioner’s Office (ICO) has issued a reprimand to NHS Fife, after an unauthorised person was able to enter a ward and access the personal information of 14 patients.
Statement on Court of Appeal judgment on Freedom of Information Act appeal24/11/2023 09:20:00
The Court of Appeal has ruled against the Information Commissioner’s Office (ICO) in a Freedom of Information Act 2000 appeal regarding the ability to aggregate public interest factors for and against disclosure when applying exemptions under the Act.
Statement regarding the outcome of the Independent External Review of Lancashire Police’s handling of the Nicola Bulley case21/11/2023 12:25:00
Statement regarding the outcome of the Independent External Review of Lancashire Police’s handling of the Nicola Bulley case.