Thursday 12 Feb 2026 @ 12:25
Information Commissioner's Office
Printable version

Update: Further Convictions in UK’s Largest Nuisance Call Investigation

We are pleased to announce that two further individuals have been convicted following our extensive investigation into the unlawful accessing and sale of personal information obtained from over 400 garages across the UK, as well as claims management and insurance companies. 

Christopher Munro, 37, of Knutsford, Cheshire, and William Chipoma, 35, of Enfield, London, were charged after investigations uncovered their involvement in the theft and sale of personal data within the claims management sector. 

Our enquiries revealed that Munro and Chipoma deliberately sought employment with the intention of stealing and selling personal data. 

Munro, while working for two different companies during 2015 and 2016, accessed thousands of records without legitimate authority or consent, receiving payments totalling £16,000. He made multiple employment applications to claims management and insurance companies but left after short periods when unable to access personal data. He was charged with four offences: two under the Computer Misuse Act 1990 and two under Section 55 of the Data Protection Act 1998. 

Chipoma illegally accessed records and sold personal data between 2015 and 2017, receiving payments totalling £70,550. He was also charged with four offences: two under the Computer Misuse Act 1990 and two under Section 55 of the Data Protection Act 1998. 

Both men pleaded guilty to all offences at an earlier hearing.  

Following this, both men appeared at Minshull Street Crown Court on 11 February 2026 where Chipoma was handed a 10 month prison sentence, suspended for 12 months, as well as being ordered to complete 240 hours of unpaid work. Whilst Munro was handed a 32 week prison sentence, suspended for 12 months, as well as being ordered to complete 150 hours of unpaid work.

This brings the total number of individuals prosecuted in our largest nuisance call investigation to 13.  

ICO Financial Investigators as well as external Financial Investigators are looking to recoup the financial benefits obtained by these offenders by utilising the Proceeds of Crime Act 2002. 

Eight men guilty following largest ever nuisance call investigation

We welcome a guilty verdict in a trial related to the unlawful accessing and obtaining of people’s personal information from vehicle repair garages to generate potential leads for personal injury claims.

The verdict follows a 10 week trial and an extensive investigation by the ICO. During which, we seized the widest body of evidence we have ever seen, demonstrating the misuse of people’s personal details to make nuisance calls to try and persuade people to make personal injury claims.

A jury at Bolton Crown Court this week found Craig Cornick, 40, of Prestbury, guilty of conspiracy to unlawfully obtain personal data contrary to the Data Protection Act.

Earlier in the month, the jury returned a not guilty verdict for Cornick and Thomas Daly, 35, of Macclesfield, for a charge of conspiracy to access computer systems without authority contrary to the Computer Misuse Act.

Daly had previously pleaded guilty to two counts of conspiracy to unlawfully obtain personal data.

Cornick and Daly join six other men who had all previously pleaded guilty to the offences listed below:

  1. Vincent McCartan, 30, of Failsworth - pleaded guilty to conspiracy to unlawfully obtain personal data contrary to the Data Protection Act and conspiracy to secure unauthorised access to data held on computer systems contrary to the Computer Misuse Act.
  2. Ian Flanagan, 40, of Macclesfield - pleaded guilty to conspiracy to unlawfully obtain personal data contrary to the Data Protection Act and conspiracy to secure unauthorised access to data held on computer systems contrary to the Computer Misuse Act.
  3. Mark Preece, 44, of Manchester - pleaded guilty to conspiracy to unlawfully obtain personal data contrary to the Data Protection Act and conspiracy to secure unauthorised access to data held on computer systems contrary to the Computer Misuse Act.
  4. Kiernan Thorlby, 35, of Macclesfield - pleaded guilty to conspiracy to unlawfully obtain personal data contrary to the Data Protection Act and conspiracy to secure unauthorised access to data held on computer systems contrary to the Computer Misuse Act.
  5. Fahad Moktadir, 32, of Stockport - pleaded guilty to conspiracy to unlawfully obtain personal data contrary to the Data Protection Act.
  6. Adam Crompton, 35, of Northwich - pleaded guilty to two counts of conspiracy to unlawfully obtain personal data contrary to the Data Protection Act.

All the defendants are due to return to court on 11 July, where it is proposed Proceeds of Crime Act and cost issues will be discussed, with sentencing following at a later date.

ICO Head of Investigations, Andy Curry, said:

“Most of us have had nuisance calls asking if we’ve been in a crash. At best they’re annoying but at worst they cause real upset and fear, especially to vulnerable people, and have a real impact on the businesses affected.

This case uncovered a vast, murky criminal network where crash details were stolen from garages across England, Scotland and Wales and traded to fuel distressing predatory calls. This has been an enormous and complex case which has seen ICO staff use both technical expertise and investigative skills to work tirelessly to track down those responsible and hold them accountable on behalf of the public.”

Our investigation 

We initially started this investigation in 2016 when the owner of a car repair garage in County Durham contacted the regulator, saying he was worried his customers blamed him for the nuisance calls they were receiving about personal injury claims.

From this first initial complaint, the investigation snowballed into one of the largest nuisance call cases we have ever dealt with, resulting in a wealth of evidence that demonstrated misuses of personal data for the purpose of making calls relating to personal injury claims.

After identifying the people involved, our investigations team conducted nine warrants in the Manchester and Macclesfield areas. The devices seized under search warrant contained 241,000 emails, 4.5 million documents,144,000 spreadsheets,1.5 million images and 83,000 multimedia files.

The defendants were found to have conspired together between 2014 and 2017, where they accessed or obtained personal data of people from vehicle repair garages without their consent. Approximately one million records were accessed by the defendants convicted of an offence under the Computer Misuse Act.

This data was then sold onto claims management firms hoping to generate potential leads for personal injury claims. We have an ongoing second phase of our investigation and anticipate further prosecutions of people embedded into insurance companies and claims management companies with the sole aim of stealing personal data.

 

Channel website: https://ico.org.uk/

Original article link: https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2025/06/eight-men-guilty-following-largest-ever-nuisance-call-investigation/

Share this article

Latest News from
Information Commissioner's Office

Statement on the commencement of the Data (Use and Access) Act (DUAA)

06/02/2026 10:20:00

The next phase of the Data (Use and Access) Act (DUAA) implementation commenced yesterday, 5 February 2026. This means that most of the remaining data protection provisions of the Act have come into force, except for the requirement for organisations to have a complaints procedure which is due to commence on 19 June 2026 and some ICO governance provisions which will follow at a later date. 

Imgur owner MediaLab fined over children’s privacy failures

06/02/2026 09:20:00

We have fined MediaLab.AI, Inc. (MediaLab), owner of image sharing and hosting platform Imgur, £247,590 for failing to use children’s personal information lawfully.  

ICO announces investigation into Grok

05/02/2026 12:10:00

The Information Commissioner’s Office (ICO) has opened formal investigations into X Internet Unlimited Company (XIUC) and X.AI LLC (X.AI) covering their processing of personal data in relation to the Grok artificial intelligence system and its potential to produce harmful sexualised image and video content.  

GP surgery reprimanded after excessive medical history of terminally ill patient sent to insurer

04/02/2026 09:10:00

We have reprimanded Staines Health Group for sending excessive medical details about a terminally ill patient to their insurance company. 

ICO update to government on economic growth commitments

03/02/2026 12:25:00

In January 2025, we responded to the government’s call for proposals to boost the UK’s economy and foster economic growth.

Fines of £225,000 for nuisance marketing messages

20/01/2026 16:20:00

We have fined two companies a total of £225,000 for sending millions of unsolicited marketing messages in breach of the law. 

Updated guidance on international transfers published

15/01/2026 17:10:00

We have updated and enhanced our guidance on international transfers of personal information, making it quicker for businesses to understand and comply with the transfer rules under UK GDPR. 

AI’ll get that! Agentic commerce could signal the dawn of personal shopping ‘AI-gents’

08/01/2026 16:20:00

Our new report released today shows how the rise of agentic artificial intelligence (AI) could transform the way we live our lives, with personal shopping ‘AI-gents’ potentially arriving within the next five years.

Statement about the signing of a Memorandum of Understanding with His Majesty's Government

08/01/2026 13:20:00

The ICO and His Majesty’s Government have today (8 January) signed an important Memorandum of Understanding (MOU) which sets out government’s commitment to raise data protection standards.