Yorkshire man NICKS 1,000 Orange customer records. Court issues TINY FINE
Change the law – chuck baddies in jail, says watchdog
A man who attempted to illegally access the passwords and login details of more than 1,000 Orange customers has been fined just £500 for his actions.
The Information Commissioner's Office said that the 25-year-old company director Matthew Devlin was handed the financial penalty after he appeared before Calderdale Magistrates' Court in Halifax on Tuesday.
Devlin, a company director at a telecoms firm, was additionally ordered to pay £438.63 costs and an £50 victim surcharge. Such data theft is a criminal offence, but wrongdoers only face a fine of up to £5,000 in a Magistrates Court.
They cannot be jailed for the crime.
The regulator said:
[Devlin] had impersonated a member of Orange’s security team during calls and emails to legitimate mobile phone distributors, in an attempt to obtain passwords and login details to their customer database. He succeeded on one occasion, and was able to access the records of 1,066 customers.
Devlin, who used the info to target customers due a mobile upgrade by offering his company's services, fooled disties into thinking he was a member of Orange's security team.
ICO head of enforcement Stephen Eckersley said:
Personal data is a valuable commodity. Devlin lied and manipulated to access this information for his own profit and now he’s facing a fine and a criminal conviction. EE [which now owns the Orange brand] swiftly alerted us to this breach and their security procedures allowed the ICO to identify Devlin as the perpetrator.
The Information Commissioner noted that the penalty was a piddling amount for the crime committed by Devlin. He said:
Fines like this are no deterrent. Our personal details are worth serious money to rogue operators. If we don't want people to steal our personal details or buy and sell them as they like, then we need to show them how serious we are taking this. And that means the prospect of prison for the most serious cases.
An earlier version of this story said that EE had been hoodwinked by Devlin's system breach, based on information provided by the ICO. This has since been amended here.