Out-Law News 2 min. read

Illegal traders of T-Mobile customers' personal data fined more than £73,000


Former T-Mobile employees that stole customer information and passed it on to other companies have been fined more than £73,000 for violating UK data protection laws, the Information Commissioner's Office (ICO) has said.

Under the Data Protection Act it is a criminal offence to knowingly or recklessly obtain personal data without consent.

Chester Crown Court ordered David Turley to pay £45,000 and Darren Hames £28,700 in costs under the Proceeds of Crime Act, the ICO said. Hames was also ordered to pay £500 to cover the prosecution's legal costs, the ICO, the UK's data protection watchdog, said in a statement.

The court also gave Turley a three year conditional discharge and he will face 18 months in prison if he does not pay the £45,000 within six months, the ICO said. Hames was given an 18 month conditional discharge and he will face 15 months in prison if he does not pay the £28,700 within six months, the ICO said.

Hames, who worked for T-Mobile at the time, sold sensitive personal information to Turley, a former sales manager at the firm, the ICO said. Turley sold on the information for double the price he paid Hames for it, the ICO said in a case summary (6-page / 73KB PDF).

"The pair’s offences were uncovered after T-Mobile identified an issue and turned the matter over to the ICO to help investigate how names, addresses, telephone numbers and customer contract end dates were being unlawfully passed on to third parties," the ICO said in a statement (3-page /68KB PDF).

The ICO's investigation discovered a network of individuals and businesses that traded on the information Turley had obtained from Hames, the ICO case summary said.

The ICO estimated that Turley made £60,000 a year selling T-Mobile customer data. Hames admitted he made about £30,000 selling the data to Turley, the ICO said.

Information Commissioner Christopher Graham said the ICO's investigations had exposed a huge trade in unlawfully obtained information.

"[The court] hearing marks the final chapter in an investigation that has exposed the criminals behind a mass illegal trade in lucrative mobile phone contract information," Christopher Graham, Information Commissioner, said in the ICO statement.

"It also marks a new chapter of effective deterrents on data crime where the courts will act to recover the ill-gotten gains," Graham said.

“Those who have regular access to thousands of customer details may think that attempts to use it for personal gain will go undetected. But this case shows that there is always an audit trail and my office will do everything in its power to uncover it," Graham said.

"The lifestyle the pair gained from their criminal activities has been short lived and I hope this case serves as a strong deterrent to others. I am particularly grateful to T-Mobile for their help in this investigation.,” Graham said.

The Proceeds of Crime Act allows the court to confiscate money earned from criminal activity and reward prosecutors with some of the money recovered. The ICO said it was the first time it had applied and been granted use of the confiscation order and said it intends to use its proportion of money to train investigators in the protection and detection of crime.

"This is a record fine in the UK for employees found to be using stolen data for personal gain – a sign that the criminal courts are taking data protection offences seriously," said Claire McCracken, a technology law specialist at Pinsent Masons, the law firm behond OUT-LAW.COM. "This fine and the use of a confiscation order by the ICO to recover proceeds of the crime for the first time sends a clear message to criminals that the authorities will take firm action against them".

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.