The Government’s Information Commissioner’s Office (ICO) has fined Matthew Devlin (age 25), a director of three marketing and telecoms companies, the measly sum of £500 after he was found to have “illegally” accessed one of Orange UK’s (EE) customer databases in order to target users with rival upgrade promotions.
Apparently in 2011 Matthew Devlin gained access to details of when Orange UK’s customers were due a mobile phone upgrade by impersonating a member of the operator’s security team during calls and emails to legitimate mobile phone distributors. On one occasion he shockingly succeeded and “was able to access the records of 1,066 customers”.
It’s understood that EE “swiftly” alerted the ICO to this breach and Devlin then wound up before Calderdale Magistrates Court, where he was fined £500, plus £438.63 costs and a £50 victim surcharge (unlawfully obtaining or accessing personal data is a criminal offence under section 55 of the Data Protection Act 1998).
Stephen Eckersley, ICO Head of Enforcement, said:
“Personal data is a valuable commodity. Devlin lied and manipulated to access this information for his own profit and now he’s facing a fine and a criminal conviction.
EE swiftly alerted us to this breach and their security procedures allowed the ICO to identify Devlin as the perpetrator.”
The ICO, with support from deputy PM Nick Clegg, has already called for tougher penalties (including the prospect of prison for the most serious cases) because the ones that “exist at the moment are pathetic” (Nick Clegg).
UPDATE 13th Nov 2014
A spokesperson for EE has been in contact to clarify that the incident took place in 2011 (now edited in above), which is before Orange became a part of EE.