Latest news with #AndyCurry

Huge inquiry after a million people's data stolen from garages

BBC News

30-06-2025

Eight men have been convicted over the theft of a million people's personal details from vehicle garages across the Information Commissioner's Office (ICO) said it was "one of the largest nuisance call cases" they had Curry, ICO head of investigations, said: "This case uncovered a vast, murky criminal network where crash details were stolen from garages across England, Scotland and Wales and traded to fuel distressing predatory calls."

The group, which conducted their crimes between 2014 and 2017, were due to be sentenced at a later date at Bolton Crown Court.

'Snowballed'

Jurors at a 10-week trial heard how the ICO seized the "widest body of evidence it has ever seen", highlighting the misuse of personal data for nuisance calls to persuade people to make personal injury investigation began in 2016 when the owner of a car repair garage in County Durham contacted the regulator with concerns after customers blamed him for the calls they were watchdog said their investigation "snowballed into one of the largest nuisance call cases the ICO has ever dealt with".

Investigators then arrested eight people from Greater Manchester and Cheshire.

Data sold to claims firms

The ICO also found devices with 4.5 million documents, 144,000 spreadsheets and 241,000 also contained 1.5 million images and 83,000 multimedia obtained personal data of about one million people from garages without their consent before selling them to claims management ICO said it expected further prosecutions of people "embedded into insurance companies and claims management companies with the sole aim of stealing personal data" as part of the second phase of its investigation.
The convicted men included:

  • Craig Cornick, 40, of Prestbury, guilty of conspiracy to unlawfully obtain personal data contrary to the Data Protection
  • Daly, 35, pleaded guilty to two counts of conspiracy to unlawfully obtain personal
  • McCartan, 30, of Failsworth - pleaded guilty to conspiracy to unlawfully obtain personal data contrary to the Data Protection Act and conspiracy to secure unauthorised access to data held on computer systems contrary to the Computer Misuse
  • Flanagan, 40, of Macclesfield - pleaded guilty to conspiracy to unlawfully obtain personal data contrary to the Data Protection Act and conspiracy to secure unauthorised access to data held on computer systems contrary to the Computer Misuse
  • Preece, 44, of Manchester - pleaded guilty to conspiracy to unlawfully obtain personal data contrary to the Data Protection Act and conspiracy to secure unauthorised access to data held on computer systems contrary to the Computer Misuse
  • Thorlby, 35, of Macclesfield - pleaded guilty to conspiracy to unlawfully obtain personal data contrary to the Data Protection Act and conspiracy to secure unauthorised access to data held on computer systems contrary to the Computer Misuse
  • Moktadir, 32, of Stockport - pleaded guilty to conspiracy to unlawfully obtain personal data contrary to the Data Protection
  • Crompton, 35, of Northwich - pleaded guilty to two counts of conspiracy to unlawfully obtain personal data contrary to the Data Protection Act.

Company fined £60k after cyber attack

Yahoo

16-04-2025

A Merseyside law firm has been fined £60,000 after a cyber attack that led to highly sensitive and confidential personal information being published on the dark web.

The Information Commissioner's Office (ICO) found DPP Law Ltd, which has offices on Stanley Road in Bootle and Tithebarn Street in Liverpool city centre, failed to put appropriate measures in place to ensure the security of personal information held electronically. According to the ICO, this failure enabled cyber hackers to gain access to DPP's network, via an infrequently used administrator account which lacked multi-factor authentication (MFA), and steal large volumes of data.

This occurred in June 2022 when DPP suffered a cyber attack which affected access to the firm's IT systems for over a week. A third-party consulting firm established that a brute force attempt gained access to an administrator account that was used to access a legacy case management system.

This enabled cyber attackers to move laterally across DPP's network and take over 32GB of data, a fact DPP only became aware of when the National Crime Agency contacted the firm to advise information relating to its clients had been posted on the dark web.

The ICO said DPP did not consider that the loss of access to personal information constituted a personal data breach. As a result, it did not report the incident to the ICO until 43 days after it became aware of it.

Andy Curry, ICO interim director of enforcement and investigations, said: "Our investigation revealed lapses in DPP's security practices that left information vulnerable to unauthorised access.

"In publicising the errors which led to this cyber attack, we are once again highlighting the need for all organisations to continually assess their cybersecurity frameworks and act responsibly in putting in place robust measures to prevent similar incidents.

"Our investigation demonstrates we will hold organisations to account for a failure to notify where there was a clear obligation to do so at the time of the underlying incident.

"Data protection is not optional. It is a legal obligation, and this penalty should serve as a clear message: failure to protect the information people entrust to you carries serious monetary and reputational consequences."

DPP specialises in law relating to crime, military, family fraud, sexual offences and actions against the police. An ICO statement said: "The very nature of this work means it is responsible for both highly sensitive and special category data, including legally privileged information.

"As the information stolen by the attackers revealed private details about identifiable individuals, DPP has a responsibility under the law to ensure it is properly protected."

The law requires organisations to take continual and proactive steps to protect themselves against cyber attacks. This includes ensuring all IT systems have MFA or equivalent protection, regularly scanning for vulnerabilities and installing the latest security patches without delay.

The ECHO has approached DPP for comment.
