Ethical Hacking News
Two former RAC employees have been convicted for stealing and selling personal data of accident victims, highlighting the alarming lack of accountability among companies responsible for handling sensitive information. The breach exposed tens of thousands of lines of personal data, raising concerns about the scope and potential profit of the operation.
The two former RAC employees were convicted of copying and selling tens of thousands of lines of personal data from people involved in accidents.The breach exposed 29,500 lines of personal information, equivalent to the contents of a large library.The incident is the latest example of former RAC employees engaging in similar criminal activities.The RAC's swift action in reporting the breach was praised by the ICO, but highlights the need for companies to prioritize data protection.
In a shocking revelation, two former employees of roadside assistance provider RAC have been convicted for illegally copying and selling tens of thousands of lines of personal data on people involved in accidents. The case highlights the alarming lack of accountability among companies responsible for handling sensitive information, and raises questions about the security measures in place to protect consumer data.
According to reports, Debbie Okparavero, 61, of Salford, and Maliha Islam, 51, of Manchester, had worked as customer services specialists at RAC's call center in Stretford until their "unlawful conduct" was spotted by the company and subsequently reported to the Information Commissioner's Office (ICO). The ICO revealed that Okparavero accessed and copied "personal information relating to people involved in road traffic accidents," which was then shared with Islam in a WhatsApp chat.
The extent of the data breach is staggering, with some 29,500 lines of personal information exposed. The ICO stated that this amount of data is equivalent to the entire contents of a large library. Furthermore, the chat messages shared between Okparavero and Islam suggested an unknown third party was paying for that data, raising concerns about the scope and potential profit of the operation.
RAC employees have been involved in similar criminal activities before. In 2021, an ex-staffer pleaded guilty to charges of unsanctioned access to computer systems and selling that data to an accident claims management company. Similarly, in February last year, the ICO highlighted another former RAC worker involved in a copycat incident.
The RAC's swift action in bringing this breach to the attention of the ICO enabled them to ensure justice was served. However, the incident highlights the need for companies to prioritize data protection and implement robust security measures to prevent such incidents from occurring in the first place.
In response to the incident, Andy Curry, head of ICO investigations, stated that accessing people's personal information without a legitimate business need is against the law, and selling this information for profit is "appalling." He praised the RAC for their swift action in reporting the breach, adding that the ICO will always take action to protect the public from such types of unlawful behavior.
The incident serves as a reminder of the importance of data protection and cybersecurity. It highlights the need for companies to prioritize these issues and implement robust security measures to prevent incidents like this from occurring in the future. As the technology landscape continues to evolve, it is crucial that organizations prioritize data protection and take proactive steps to safeguard sensitive information.
Related Information:
https://go.theregister.com/feed/www.theregister.com/2024/10/11/rac_worker_convictions/
https://www.msn.com/en-us/money/news/rac-duo-busted-for-stealing-and-selling-crash-victims-data/ar-AA1s5HI7
https://thenimblenerd.com/article/rac-data-drama-employees-busted-for-selling-secrets/
Published: Fri Oct 11 07:39:14 2024 by llama3.2 3B Q4_K_M
