Trio of data thieves have been prosecuted and fined over £400,000
cyber-attacks on UK councils

Trio of data thieves have been prosecuted and fined over £400,000

Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.

Start Your Claim
Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

A gang of three data thieves were charged and prosecuted by the Information Commissioner’s Office (ICO) earlier this year for unlawfully obtaining personal data at their employment, and then selling it onto claim management companies.

Andrew Minty, Jamie Leong and Michelle Craddock – all employees of Enterprise-Rent-A-Car – conspired to steal customer information so they could sell on the personal information to third party claims management companies. They sold the information on the basis that the claims management company would then use the personal data and information to make nuisance calls to the individuals.

Affected customers

It was revealed that tens of thousands of client’s data was sold on for hundreds of thousands of pounds over a two and half year period. The nature of the scam was huge and followed civil proceedings made by Enterprise against the trio. The defendants had to pay the company civil compensation amounting to £400,000.


The trio conspired to commit an offence under section 55 of the Data Protection Act (DPA); namely to unlawfully obtain personal data. They were guilty of this as Enterprise-Rent-A-Car (the data controller) didn’t give them explicit permission to utilise the data as they did.

Prosecuted and fined

They all pleaded guilty at Winchester Crown Court for committing offences under the DPA. The ‘ringleader’, Mr Minty, was fined £7,500 which must be paid within two years or he’ll be threatened with a three month custodial sentence. It’s believed that Mr Leong and Ms Craddock had less involvement and were given 12 month conditional discharges. This allows them to be released but the offence is registered on their criminal records. In addition, Mr Leong was ordered to pay prosecution costs of £3,000 and Ms Craddock was ordered to pay £1,200. The amount payable is due within two years.


I’m sure the fines inflicted on the defendants speak for themselves. ICO’s Head of Enforcement, Steve Eckersley, reiterates the dangers of vulnerability of drivers and how individuals like Minty, Leong and Craddock can exploit them:

“Car rental companies have details of drivers who have been in a road accident and need to hire a vehicle whilst theirs is out of action. These details are valuable leads to companies which make money from encouraging accident victims to make claims.”

“This prosecution was the result of an ICO investigation brought about after Enterprise found out what was happening. These individuals had a long running agreement to abuse the trust placed in them to look after precious personal details. The problem of data thieves trading personal information is very concerning and one we’re cracking down on.”

Let this be a word of warning to anyone who seeks to violate data protection principles in order to personally benefit. They will be caught and punished.

As data controllers, Enterprise-Rent-A-Car should’ve arguably done more to protect their customers’ personal data. By allowing their employees to have unrestricted access to tens of thousands of customers’ information, some may argue that they were “asking for it”. But then again, what can you do? An element of trust has to be placed in people to protect data.

If the ICO finds that a company or business is lax on their cyber-security, they have the authority to impose a monetary penalty of up to £500,000. On this occasion, they’ve not done so. This could’ve been for multiple reasons, I theorise that the ICO believes that the wrongdoing lies solely with the data thieves.

Start Your Claim

You can call our claims team free from a landline or mobile on 0800 634 7575 or click on the link below to create a call back with one of our expert Data Claims team.Information on how we handle your data is available in our Privacy Policy.

We offer genuine No Win, No Fee agreements for our clients. Why we do this is simple:

Leading Data Breach Lawyers
Our experience speaks for itself.
We will fight for your right to compensation.
Access to Justice
As a victim of a data breach or hack, you deserve your chance to get access to justice.
Risks Assessment
We carefully risk assess your case and take it on if we think we have a good chance of winning the claim.

Request A Callback From Our Team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

Contact is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'
arrow-up icon