Three one-time employees at Enterprise car hire branches in the UK have been fined for selling customers’ personal information. The trio appeared at Winchester Crown Court last week where they entered guilty pleas to operating a scam said to have netted tens of thousands of pounds in two years.
They all pleaded guilty to violating the Data Protection Act. Andrew Minty got a £7,500 fine for his part in the swindle. This came with the proviso he paid the full amount within two years or served a three-month custodial sentence.
Fellow defendant Jamie Leong was fined £3,000 and Michelle Craddock was hit with a £1,200 fine. Both were also given conditional discharges for 12 months. The lesser fines reflected the defendants’ roles in the crime and also what they had already paid in fines from civil court proceedings.
A report on the prosecution from the Information Commissioner’s Office (ICO) noted that the defendants had already paid Enterprise £400,000 in compensation. The three employees had previously worked in the Aldershot or Cardiff Enterprise outlets.
The company’s European communications director, John Davies, said it looked like a reservations programme was hacked into in 2011. After detecting the data breach, Enterprise launched an internal enquiry and told the ICO what they suspected had happened.
Mr Davies explained that Enterprise took data security seriously and would not stand for any actions which risked exposing customers’ personal information. The ICO instigated the prosecution against the rogue employees.
The ICO’s Steve Eckersley said the details were sold on to cold-call companies. These companies were then able to ascertain which customers had had to rent cars because they had been involved in accidents in their own. The cold-callers pressurised these drivers into starting claims for compensation.