back to article Yorkshire man NICKS 1,000 Orange customer records. Court issues TINY FINE

A man who attempted to illegally access the passwords and login details of more than 1,000 Orange customers has been fined just £500 for his actions. The Information Commissioner's Office said that the 25-year-old company director Matthew Devlin was handed the financial penalty after he appeared before Calderdale Magistrates' …

  1. Anonymous Coward
    Anonymous Coward


    @Information Commissioner and ilk..

    Please, let's sort out the prison sentencing (and system) for rapists and murders first, before we fill any scarce new vacancies with data criminals.

  2. Anonymous Coward
    Thumb Down


    A £500 fine is way too small for this sort of thing. Should have been a bit of jail time.

    What about EE, though? Shouldn't the ICO have charged them with negligence or something like that? It doesn't sound as if the perp had to try to hard to get the sensitive info out of them.

    1. Anonymous Coward
      Anonymous Coward

      Re: Piddling

      A £500 fine is way too small for this sort of thing. Should have been a bit of jail time.

      It used to be that the criminal record part of the punishment would have serious, life long impact upon his career, price for home/car insurance etc etc. Now, by the time he celebrates his next birthday it will be as though the offence was never committed.

      Those fans, for there are many around these parts, of rehabilitation might need to explain to me how fining this clown less than he probably made as a result of his crime, and telling him that its ok next year we'll pretend this never happened, has actually rehabilitated him?

      EE is an abomination that should be broken up for the good of humanity. Horrible horrible company.

  3. wolfetone Silver badge

    I remember reading that your personal details are worth about $15 ($9.47).

    So, if 1,000 user details were sold, the total gained from this would be £9,470.

    A £500 fine for this theft? Plus £470-odd? Crime certainty does pay doesn't it?

    1. Bronek Kozicki Silver badge

      Yeah , this "£50 victim surcharge" got me thinking - it seems didn't count each victim separately, as this would add up to more sizeable fine.

      1. Anonymous Coward
        Anonymous Coward

        That's because the "victim surcharge" has nothing directly to do with victims of crime. It's mainly a slush fund for organisations such as those sympathetic hand-holding ones that stand in for actual investigations when you're burgled, and for what you might think are basic functions of the prosecution such as looking after prosecution witnesses.

        Bizarrely, it falls disproportionally on those who are given small fines, rather than a community order/prison sentence/etc - ie on those committing minor crimes such as speeding and who are able to pay, rather than those committing serious crimes with identifiable victims.

        Some might see it as just another tax...

  4. Michael Hawkes


    I'm wondering why they had presumably plain-text passwords in a database. If that's an indication of their tech knowledge, it becomes easier for me to see why they fell for a social engineering attack.

    1. Just Enough

      Headline is misleading and wrong

      The headline is misleading and wrong, as a cursory reading of what the article says would show.

      He obtained (through social engineering) a single admin login and password with appropriate permissions to steal customer records. He then used those records in order to target people as sales leads for his own company.

      He was not interested in having, nor did he have, customer passwords. He was after names, email addresses, mobile numbers and contract details.

  5. SolidSquid

    Honestly I think the blame for this is largely on EE, although I'm surprised they didn't try and get him under the Computer Misuse Act since he didn't really have authorization to access those databases (person on the phone wouldn't be likely to have authority to give him access and he likely lied to get access anyway)

  6. Shane McCarrick

    50p fine per customer.....

    The tiny size of the fine- which works out at less than 50p per customer (+costs) is laughable.

    Surely in cases like this- the nature of the crime should dictate that it be tried at a level that an appropriate punishment can be meted out to the perpetrator?

  7. Ben Liddicott

    Blame the prosecutor: He could have been charged with fraud.

    Making a false statement with intent to obtain an advantage (or cause harm to another) is fraud, carrying 5 years in prison.

    The lesser "pretexting" offence should only be used when there is no such intent.

    No need for a change in the law, just proper prosecutions.

    1. BillG Silver badge

      Re: Blame the prosecutor: He could have been charged with fraud.

      I agree with blame the prosecutor. Oddly enough, the way the courts handled this is more suspicious than the crime!

    2. Anonymous Coward
      Anonymous Coward

      Re: Blame the prosecutor: He could have been charged with fraud.

      "Making a false statement with intent to obtain an advantage (or cause harm to another) is fraud, carrying 5 years in prison."

      What, you mean like the bankers got?

      Oh wait....they didn't.

    3. Doctor Syntax Silver badge

      Re: Blame the prosecutor: He could have been charged with fraud.

      Agreed. Fraud, Computer Misuse Act, probably a few others. This didn't get passed far enough up the prosecution food chain. At the very least it should have got him a conviction that would result in him being blocked as a company director along with any other penalties.

  8. Mark Jan

    What's with the Yorkshire thing?

    Is it of relevance the crim was from Yorkshire, God's own country no less?

    Had he been from Berkshire or from such other more affluent county would that have been highlighted in the title?

    Data pinching scum is scum is scum, regardless of their geography.

    "Ee bah gum" or should that be "EE done bah scum"?

    1. Tom 38 Silver badge

      Re: What's with the Yorkshire thing?

      I've never ever been barracked by someone shouting "BERKSHIRE! BERKSHIRE! BERKSHIRE!" though

    2. frank ly Silver badge

      Re: What's with the Yorkshire thing?

      There may be some people who don't know where Calderdale or Halifax is, so this is useful for them. (There used to be lots of places called Halifax, almost on every high street, as I remember.)

  9. Elmer Phud

    CPS screws up again.

    As title

    1. Anonymous Coward
      Anonymous Coward

      Re: CPS screws up again.

      I realise they live in the shaddowy world of the public sector, where none are ever held to account, but surely those in power must be realising that the CPS simply isn't fit for purpose.

      If we need more jails, buy a few ships and fit them out. We can stash the long termers on them and moor them out at sea, protected by a RN gun boat. Cheap as chips. Or lease a little land in Poland or somewhere else for a few hundred years and build a mega jail where its cheapest to do so. We could organise visitation over skype.

      We'd then have the onshore jails for first time offenders and lesser scrotes, which would deprive the judiciary of their principal excuse for hopelessly soft and ineffective treatment of criminals.

  10. Anonymous Coward
    Anonymous Coward

    Please, not prison!

    People who have money and commit crimes in order to obtain more money are best punished by being fined. Also, putting people in prison costs the tax payer money (rather a lot) while fining them saves the tax payer (a bit of) money. So please only use prison for people who are dangerous if not incarcerated.

    1. YetAnotherLocksmith

      Re: Please, not prison!

      Got to agree with that.

      Fine the guy £10,000 per fiddled set of details, he won't do it again. Perhaps £1000 each for the first offence?

      But 50p per person? That's not a punishment, that's cheaper than buying the info!

  11. Anonymous Coward
    Anonymous Coward

    Come El Reg "Prosecutor passes paltry penalty on password pilferer" surely?

  12. Refugee from Windows

    I wonder if the cost of contacting all the "victims" and the cost of the administration has been calculated. The bill for that should be considerable - or have EE just left it? Should this be claimed off the "victim surcharge thing"? However 50p per person seems too small a charge, make it a tenner and send the collectors round.

  13. Anonymous Coward
    Anonymous Coward

    And the fine for EE for not setting up their processes and training in such a way as to prevent social engineering?

  14. This post has been deleted by its author

  15. Hans 1 Silver badge


    "Personal data is a valuable commodity. Devlin lied and manipulated to access this information for his own profit and now he’s facing a fine and a criminal conviction. EE [which now owns the Orange brand] swiftly alerted us to this breach and their security procedures allowed the ICO to identify Devlin as the perpetrator."

    Excuse me if I am wrong, but were the techies that install EE Internet for you not the guyz with spreadsheets full of unencrypted customer credentials? Could he not have ordered EE Internet instead?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019