Driver data, including phone numbers and addresses, appears to have been accessed by third parties not involved in the repair of the vehicle.
It was revealed by RMI Bodyshops (NAB & VBRA) that has been investigating a potentially serious breach of repairer management systems confidentiality and the apparent release of personal data to third party legal firms and accident management companies.
Jason Moseley, executive director at RMI Bodyshops, said: “We have direct evidence that data entered into bodyshop systems has found its way, in a matter of hours, into the hands of third party organisations.
“We have been analysing, with our members, the terms and conditions of the various agreements in place with repairer management systems, whether they are entitled to do this and the nature, scope and validity of such activity.
“As part of an internal investigation, one of the bodyshops involved entered fictitious data into the system to attempt to draw out a reaction. Within a few hours of this data entry, a call was received from an accident management company trying to leverage a compensation claim.”
RMI Bodyshops and its members have informed the necessary authorities and have been working together with them behind the scenes.
Moseley continued: “We do not yet know if these actions are legitimate disclosures, the result of a cyber-attack or a physical breach of such systems, so we have taken no chances and launched an investigation.
“We will be pushing hard with our members to bring more transparency and collaborating with the necessary authorities. We must get to the truth.
“Addressing this particular issue forms part of our overall strategy to ensure that bodyshops, and consumers, are treated fairly.”