Eight found guilty in largest ever nuisance call probe linked to crash repairs

- Largest data crime case in ICO history

- Crash victims targeted through stolen garage records

- Data watchdog vows further action as probe widens

Eight men have been found guilty in the largest investigation ever undertaken by the Information Commissioner’s Office (ICO) into the illegal trade of personal data used to make nuisance calls.

The case exposed a wide-scale criminal conspiracy that saw the personal details of around one million people harvested from vehicle repair garages without consent to provide leads for cold calls by claims management companies.

The ICO’s investigation began in 2016, when a car repair garage owner in County Durham alerted the regulator after customers began receiving personal injury claim calls and wrongly believed the garage had leaked their information.

From this single complaint, the investigation quickly expanded into one of the most far-reaching cases the ICO has ever undertaken.

Search warrants executed across Manchester and Macclesfield uncovered an enormous trove of digital evidence.

Devices seized contained 241,000 emails, 4.5 million documents, 144,000 spreadsheets filled with unlawfully acquired data, 1.5 million images and 83,000 multimedia files.

Investigators found that between 2014 and 2017, the defendants accessed personal data from vehicle repair centres without authorisation, then sold that information to claims management companies.

Following a ten-week trial at Bolton Crown Court, Craig Cornick, 40, of Prestbury, was found guilty of conspiracy to unlawfully obtain personal data. His co-defendant, Thomas Daly, 35, of Macclesfield, had previously pleaded guilty to two counts of the same offence.

Earlier this month, the jury returned not guilty verdicts for both men on a separate charge of conspiracy to access computer systems without authority.

Cornick and Daly were part of a wider network of offenders that included Vincent McCartan, 30, of Failsworth; Ian Flanagan, 40, of Macclesfield; Mark Preece, 44, of Manchester; Kiernan Thorlby, 35, of Macclesfield; Fahad Moktadir, 32, of Stockport; and Adam Crompton, 35, of Northwich.

All six previously admitted their roles in the conspiracy, pleading guilty to charges under the Data Protection Act and, in most cases, the Computer Misuse Act.

Andy Curry, head of investigations at the ICO, said the case revealed an alarming and deeply rooted criminal enterprise.

“Most of us have had nuisance calls asking if we’ve been in a crash. At best they’re annoying, but at worst they cause real upset and fear, especially to vulnerable people, and have a real impact on the businesses affected,” he said.

“This case uncovered a vast, murky criminal network where crash details were stolen from garages across England, Scotland and Wales and traded to fuel distressing predatory calls. This has been an enormous and complex case which has seen ICO staff use both technical expertise and investigative skills to work tirelessly to track down those responsible and hold them accountable on behalf of the public.”

All eight defendants are due back in court on July 11, when matters under the Proceeds of Crime Act and associated costs will be reviewed. Sentencing will follow at a later date.

The ICO confirmed that this is only the first phase of its investigation. A second phase is now underway and is expected to lead to further prosecutions.

The regulator is focusing on individuals suspected of being embedded within insurance companies and claims management firms for the purpose of systematically stealing personal data.

“We will continue to pursue those who think it’s acceptable to trade in people’s private information without consequence,” said Curry. “The public has a right to trust that their data won’t be exploited behind their backs.”