A motor industry employee who was sentenced to six months in prison in November 2018 for accessing personal data without permission, has been ordered to pay a £25,500 confiscation order in a case brought by the Information Commissioner’s Office (ICO).
Following a hearing at Wood Green Crown Court, London on 15 July, the judge determined Mustafa Kasim of Palmer’s Green benefited from thousands of pounds as a result of the offences.
Kasim had previously worked for accident repair firm Nationwide Accident Repair Services (NARS) and accessed thousands of customer records containing personal data, without permission. He used his colleagues’ log-in details to access a software system that estimates the cost of vehicle repairs, known as Audatex.
He continued to do this after he started a new job at a different car repair organisation which used the same software system. The records contained customers’ names, phone numbers, vehicle and accident information.
This led to an investigation by the ICO and, in November 2018, he became the first person to be imprisoned following an ICO prosecution, which was brought under the Computer Misuse Act.
Mike Shaw, Group Manager Enforcement at the ICO said:
”Our investigations found that Mr Kasim had benefitted financially from his illegal activity. As a result of his activities, people whose data had been stolen received cold calls and his former employer faced huge remedial costs.
“Personal data obtained in this way can be a valuable commodity and selling it may seem like an easy way to make money but the penalties can be severe. The outcome of this case should serve as a deterrent to others.”
Kasim has three months to pay the confiscation order under the Proceeds of Crime Act 2002 or could face a 12 month prison sentence. He was also ordered to pay £8,000 costs.
SOURCE: Information Commissioner’s Office