A criminal network who stole data to fuel nuisance calls are to be sentenced.

The Information Commissioner's Office has welcomed a guilty verdict in a trial related to the unlawful accessing and obtaining of people's personal information from vehicle repair garages.

During their investigation, the ICO seized the widest body of evidence it has ever seen, demonstrating the misuse of people's personal details to make nuisance calls to try and persuade people to make personal injury claims.

Following a 10-week trial, a jury at Bolton Crown Court this week found 40-year-old Craig Cornick from Prestbury guilty of conspiracy to unlawfully obtain personal data contrary to the Data Protection Act.

Earlier in the month, the jury returned a not guilty verdict for Cornick and Thomas Daly for a charge of conspiracy to access computer systems without authority contrary to the Computer Misuse Act.

Daly, 35 and of Macclesfield, had previously pleaded guilty to two counts of conspiracy to unlawfully obtain personal data.

ICO head of investigations, Andy Curry, said: "Most of us have had nuisance calls asking if we've been in a crash.

"At best they're annoying but at worst they cause real upset and fear, especially to vulnerable people, and have a real impact on the businesses affected.

"This case uncovered a vast, murky criminal network where crash details were stolen from garages across England, Scotland and Wales and traded to fuel distressing predatory calls.

"This has been an enormous and complex case which has seen ICO staff use both technical expertise and investigative skills to work tirelessly to track down those responsible and hold them accountable on behalf of the public."

Cornick and Daly join six other men who had all previously pleaded guilty to the offences listed below: 

• Vincent McCartan, 30, of Failsworth - pleaded guilty to conspiracy to unlawfully obtain personal data contrary to the Data Protection Act and conspiracy to secure unauthorised access to data held on computer systems contrary to the Computer Misuse Act.
• Ian Flanagan, 40, of Macclesfield - pleaded guilty to conspiracy to unlawfully obtain personal data contrary to the Data Protection Act and conspiracy to secure unauthorised access to data held on computer systems contrary to the Computer Misuse Act.
• Mark Preece, 44, of Manchester - pleaded guilty to conspiracy to unlawfully obtain personal data contrary to the Data Protection Act and conspiracy to secure unauthorised access to data held on computer systems contrary to the Computer Misuse Act.
• Kiernan Thorlby, 35, of Macclesfield - pleaded guilty to conspiracy to unlawfully obtain personal data contrary to the Data Protection Act and conspiracy to secure unauthorised access to data held on computer systems contrary to the Computer Misuse Act.
• Fahad Moktadir, 32, of Stockport - pleaded guilty to conspiracy to unlawfully obtain personal data contrary to the Data Protection Act.
• Adam Crompton, 35, of Northwich - pleaded guilty to two counts of conspiracy to unlawfully obtain personal data contrary to the Data Protection Act.

Bolton Crown Court (Credit: Google Maps)

ICO investigation

The ICO launched their investigation in 2016 when the owner of a car repair garage in County Durham contacted the regulator, saying he was worried his customers blamed him for the nuisance calls they were receiving about personal injury claims. 

From this first initial complaint, the investigation snowballed into one of the largest nuisance call cases the ICO has ever dealt with.

After identifying the people involved, the ICO's investigations team carried out nine raids in the Manchester and Macclesfield areas.

The devices seized under search warrant contained 241,000 emails, 4.5 million documents, 144,000 spreadsheets, 1.5 million images and 83,000 multimedia files.

The defendants were found to have conspired together between 2014 and 2017, where they accessed and obtained personal data of approximately one million people from vehicle repair garages without their consent.

This data was then sold onto claims management firms hoping to generate potential leads for personal injury claims.

The ICO has an ongoing second phase of its investigation and anticipates further prosecutions of people embedded into insurance companies and claims management companies with the sole aim of stealing personal data.

All of the aforementioned defendants are due to return to court on Friday, July 11, where it is proposed Proceeds of Crime Act and cost issues will be discussed, with sentencing following at a later date.