A telecoms director has been fined £500 after illegally accessing a customer database belonging to the mobile network EE.
Matthew Devlin, 25, successfully obtained the details of more than 1,000 customers after posing as a member of their security team, and in addition to the fine will pay costs of £438.63 and a victim surcharge of £50.
Stephen Eckersley, head of enforcement at the Information Commissioner’s Office (ICO), said: "Personal data is a valuable commodity. Devlin lied and manipulated to access this information for his own profit and now he’s facing a fine and a criminal conviction.
"EE swiftly alerted us to this breach and their security procedures allowed the ICO to identify Devlin as the perpetrator."
After obtaining the customers’ details Devlin marketed services to the victims when they were due a mobile phone upgrade from EE, working in his role as director of three different marketing and telecoms companies.
The size of his fine has caused the ICO director Christopher Graham to call for sterner penalties for unlawful access of personal data, currently limited to a £5,000 fine in a magistrates court and an unlimited fine at the higher level of crown court.
"Fines like this are no deterrent," he said. "Our personal details are worth serious money to rogue operators.
"If we don’t want people to steal our personal details or buy and sell them as they like, then we need to show them how serious we are taking this. And that means the prospect of prison for the most serious cases."
