@Information Commissioner and ilk..
Please, let's sort out the prison sentencing (and system) for rapists and murders first, before we fill any scarce new vacancies with data criminals.
A man who attempted to illegally access the passwords and login details of more than 1,000 Orange customers has been fined just £500 for his actions. The Information Commissioner's Office said that the 25-year-old company director Matthew Devlin was handed the financial penalty after he appeared before Calderdale Magistrates' …
A £500 fine is way too small for this sort of thing. Should have been a bit of jail time.
It used to be that the criminal record part of the punishment would have serious, life long impact upon his career, price for home/car insurance etc etc. Now, by the time he celebrates his next birthday it will be as though the offence was never committed.
Those fans, for there are many around these parts, of rehabilitation might need to explain to me how fining this clown less than he probably made as a result of his crime, and telling him that its ok next year we'll pretend this never happened, has actually rehabilitated him?
EE is an abomination that should be broken up for the good of humanity. Horrible horrible company.
That's because the "victim surcharge" has nothing directly to do with victims of crime. It's mainly a slush fund for organisations such as those sympathetic hand-holding ones that stand in for actual investigations when you're burgled, and for what you might think are basic functions of the prosecution such as looking after prosecution witnesses.
Bizarrely, it falls disproportionally on those who are given small fines, rather than a community order/prison sentence/etc - ie on those committing minor crimes such as speeding and who are able to pay, rather than those committing serious crimes with identifiable victims.
Some might see it as just another tax...
The headline is misleading and wrong, as a cursory reading of what the article says would show.
He obtained (through social engineering) a single admin login and password with appropriate permissions to steal customer records. He then used those records in order to target people as sales leads for his own company.
He was not interested in having, nor did he have, customer passwords. He was after names, email addresses, mobile numbers and contract details.
Honestly I think the blame for this is largely on EE, although I'm surprised they didn't try and get him under the Computer Misuse Act since he didn't really have authorization to access those databases (person on the phone wouldn't be likely to have authority to give him access and he likely lied to get access anyway)
Making a false statement with intent to obtain an advantage (or cause harm to another) is fraud, carrying 5 years in prison.
The lesser "pretexting" offence should only be used when there is no such intent.
No need for a change in the law, just proper prosecutions.
Agreed. Fraud, Computer Misuse Act, probably a few others. This didn't get passed far enough up the prosecution food chain. At the very least it should have got him a conviction that would result in him being blocked as a company director along with any other penalties.
Is it of relevance the crim was from Yorkshire, God's own country no less?
Had he been from Berkshire or from such other more affluent county would that have been highlighted in the title?
Data pinching scum is scum is scum, regardless of their geography.
"Ee bah gum" or should that be "EE done bah scum"?
I realise they live in the shaddowy world of the public sector, where none are ever held to account, but surely those in power must be realising that the CPS simply isn't fit for purpose.
If we need more jails, buy a few ships and fit them out. We can stash the long termers on them and moor them out at sea, protected by a RN gun boat. Cheap as chips. Or lease a little land in Poland or somewhere else for a few hundred years and build a mega jail where its cheapest to do so. We could organise visitation over skype.
We'd then have the onshore jails for first time offenders and lesser scrotes, which would deprive the judiciary of their principal excuse for hopelessly soft and ineffective treatment of criminals.
People who have money and commit crimes in order to obtain more money are best punished by being fined. Also, putting people in prison costs the tax payer money (rather a lot) while fining them saves the tax payer (a bit of) money. So please only use prison for people who are dangerous if not incarcerated.
I wonder if the cost of contacting all the "victims" and the cost of the administration has been calculated. The bill for that should be considerable - or have EE just left it? Should this be claimed off the "victim surcharge thing"? However 50p per person seems too small a charge, make it a tenner and send the collectors round.
"Personal data is a valuable commodity. Devlin lied and manipulated to access this information for his own profit and now he’s facing a fine and a criminal conviction. EE [which now owns the Orange brand] swiftly alerted us to this breach and their security procedures allowed the ICO to identify Devlin as the perpetrator."
Excuse me if I am wrong, but were the techies that install EE Internet for you not the guyz with spreadsheets full of unencrypted customer credentials? Could he not have ordered EE Internet instead?
Biting the hand that feeds IT © 1998–2019