A leading insurance company and two of its employees have been found guilty of “blagging” the private bank details of a nightclub owner, marking the first conviction in the so-called blue-chip hacking scandal.
Prosecutions could now be brought against other companies after Woodgate & Clark, a loss adjusters that had a turnover of more than £13 million last year, was linked to the illicit “fishing expedition”. The company, based in West Malling, Kent, assesses the validity of claims on behalf of some of the country’s biggest insurers.
A former director and a senior employee used a private investigator who duped two banks into handing over information about the financial affairs of Michael Cookson, who had made a claim after a fire at his nightclub in Accrington, Lancashire.
Information relating to Mr Cookson’s income, mortgage, direct debits and loans was obtained from the banks and passed back to the loss adjusters via a second private investigator, before the details were illegally disclosed to Mr Cookson’s insurers.
Such personal details are private and protected by the Data Protection Act.
On Wednesday Michael Woodgate, 67, a co-founder of the company, who retired in 2009 and is listed as a director, was found guilty at Maidstone crown court of unlawfully obtaining and disclosing personal data. The two private investigators, Adam Spears, 78, a former policeman, and Daniel Summers, 38, were convicted of the same offences. Summers, who lives in Cyprus, was tried in his absence. Colom Tudball, 54, an employee of Woodgate & Clark, was found guilty of unlawfully obtaining personal data. The company was cleared of two offences of unlawfully obtaining personal data but convicted of unlawfully disclosing it.
The court was told that Mr Cookson had no involvement with the fire.
The case, which dates back to 2005, is the first prosecution brought as a result of Operation Spruce, an investigation established in the wake of the alleged “blue-chip hacking scandal” in 2013 and centred on the revelation that the Serious Organised Crime Agency (Soca) had for years sat on the knowledge that some of Britain’s leading companies, including banks, law firms and insurers, were using private investigators to obtain information.
The success of the Kent prosecution means that the Information Commissioner’s Office (ICO) is likely to bring further prosecutions. It has identified at least 19 companies where “there is evidence of a criminal breach and civil breach” of the Data Protection Act, according to information put before the home affairs select committee. However, half the 19 companies are based offshore. Their names were taken from a list of 98 produced by Soca and passed to the ICO in 2013. A further 42 companies may have committed civil breaches of the act, the committee was told. The ICO estimated that there were 125 victims.
Woodgate & Clark said it was “naturally very disappointed” by the verdict. “We do not believe this isolated and historic incident reflects, in any way, the integrity, diligence and transparency with which we have always conducted, and will continue to conduct, business,” it said. “Despite our disappointment, we accept the findings of the court and we intend now to move on.”
Sentencing was adjourned until January 5, although Judge Charles Macdonald, QC, said that his powers were limited to issuing a fine.
Note: Two of the Defendants were previously convicted in 2012 at Kingston upon Thames Crown Court; click here
Source: The Times
Information Commissioner's Office report on case, click here.