News Prosecutions Read more online at www.securitymattersmagazine.com
ICO fines British Airways £20 million for data
breach affecting 400,000-plus customers
14
ONE OF the ringleaders from the
Hatton Garden security vault heist
has been ordered to pay a total sum
of £5,997,684.93. Michael Seed, also
known as ‘Basil’, was convicted back
in March last year for his part in
the £13.69 million heist, which is
believed to be one of the largest
burglaries in English history.
Wearing a face covering and a
wig to disguise his identity, Seed
was the one who entered the vault
through the drilled hole and helped
empty the contents. He was
witnessed walking away from the
scene with a bin bag over his
shoulder, presumed to be full of
gold, jewellery and precious stones.
Three years later, police officers
raided Seed’s one-bedroom council
flat in London’s Islington where
they found an array of items stolen
from Hatton Garden.
Seed has continued to deny his
involvement in this high value
burglary and any knowledge of the
proceeds of the burglary except for
the jewellery valued at £143,078
that was found in his flat.
He said that he actually worked
in the jewellery business, but no
evidence to support this declaration
was found and victims
subsequently identified some of the
items discovered by the police at
Seed’s flat as being their own.
The presiding Judge at Woolwich
Crown Court issued Seed with a
Confiscation Order of
£5,997,684.93 which he must pay
within three months or potentially
face up to seven years in prison.
Adrian Foster, Chief Crown
Prosecutor of CPS Proceeds of
Crime, said: “Despite Seed’s
protestations of innocence, the
Crown Prosecution Service was
able to prove that he was the
masked man, and that he and his
conspirators took millions of
pounds’ worth of precious stones,
gold and jewellery.”
Foster added: “Where we can
take money from people who’ve
profited from crime, we shall do so.
Last year, the Crown Prosecution
Service recovered over £100
million, in turn stopping hundreds
of criminals benefiting from their
ill-gotten gains.”
Door supervisor
with illegal home-made
‘licence’
sentenced to curfew
RONALD GLEAVE, a Crewe-based
door supervisor who went
to work wearing a fake Security
Industry Authority (SIA) licence,
has been sentenced to a three-month
curfew in the wake of the
regulator’s investigations.
36-year-old Gleave, of
Cheyney Walk in Crewe, was
sentenced at South Cheshire
Magistrates’ Court on Tuesday
22 September. At an earlier
hearing, he had pleaded guilty to
charges of fraud and working
without an SIA licence.
South Cheshire Magistrates’
Court heard that an SIA
investigations officer found
Gleave working as a door
supervisor at Crewe’s Brunswick
Hotel in September last year. He
was wearing an armband
displaying a piece of paper with
the words ‘Door Supervisor’
inscribed on it, a 16-digit
number and also an ‘expiry date’
of 23 March 2023.
On further investigation, the
SIA discovered that Gleave had
in fact taped his home-made
security licence to his own
genuine door supervisor’s
licence, which actually expired
on the same date in 2014.
Security boss pleads
guilty to supplying
unlicensed officers for
construction site
ON 30 SEPTEMBER, Taunton
security boss Peter Blythe was
fined at Carlisle Magistrates’
Court for deploying unlicensed
security following a prosecution
process initiated by the Security
Industry Authority (SIA).
57-year-old Blythe pleaded
guilty to two counts of supplying
unlicensed security personnel. A
director of PB Facilities
Management Ltd, Blythe had
previously applied to the SIA for
a licence, but had been turned
down due to his criminal record.
Those presiding at Carlisle
Magistrates’ Court fined Blythe
the sum of £1,000 and also
required him to pay court costs
of £225 in addition to a victim
surcharge of £100.
The Carlisle Magistrates were
unimpressed by his disregard for
private security industry law and
said that, if Blythe had not been
receiving benefits, the fine levied
would have been even higher.
THE INFORMATION
Commissioner’s Office (ICO) has
fined British Airways £20 million for
the latter’s failure to protect the
personal and financial details of
more than 400,000 of its customers.
An ICO investigation found that
the airline was processing a
significant amount of personal data
without adequate security measures
being in place. This failure broke
data protection law and,
subsequently, British Airways was
the subject of a cyber attack during
2018, but which the company didn’t
detect for more than two months.
ICO investigators found that
British Airways ought to have
identified weaknesses in its security
regime and resolved them with
security measures that were available
at the time. Investigators concluded
that addressing these security issues
would have prevented the 2018 cyber
attack being carried out in this way.
Speaking about the case,
Information Commissioner
Elizabeth Denham stated: “People
entrusted their personal details to
British Airways and the company
failed to take adequate measures to
keep those details secure. The
company’s failure to act was
unacceptable and affected hundreds
of thousands of people, which may
have caused some anxiety and
distress as a result. That’s why we
have issued British Airways with a
£20 million fine. This is the biggest
fine we have issued to date.”
Further, Denham said: “When
organisations take poor decisions
around personal personal data, that
can have a real impact on people’s
lives. The law now gives us the tools
to encourage firms to make better
decisions about data, including
investing in up-to-date security.”
Background to the case
Due to the fact that the British
Airways data breach happened in
June 2018, before the UK’s electorate
voted to leave the EU, the ICO
investigated on behalf of all EU
authorities as lead supervisory
authority under the General Data
Protection Regulation (GDPR). The
penalty and action have been
approved by the other EU data
protection authorities through the
GDPR’s co-operation process.
In June 2019, the ICO issued
British Airways with a notice of its
intent to fine. As part of the
regulatory process, the ICO
considered detailed representations
from British Airways and
appreciated the economic impact of
COVID-19 on the business before
setting a final penalty.
The cyber attacker is believed to
have potentially accessed the
personal data of approximately
429,612 customers and staff. This
included the names, addresses,
payment card numbers and CVV
numbers of 244,000 British Airways
customers. Other details thought to
have been accessed include the
combined card and CVV numbers of
77,000 customers and card numbers
only for circa 108,000 customers.
Hatton Garden security vault heist ringleader
issued with £6 million Confiscation Order
/www.securitymattersmagazine.com
