Garage That Exposed Data Crime

The Garage, The Gang, and The Decade-Long Fight for Justice

How one couple’s clever trap exposed a vast criminal network and brought down one of Britain’s largest unsolicited call operations, sparking a ten-year saga of resilience and determination.

A Seed of Doubt is Sown

Jan and Michael Reed can pinpoint the instant their family-run company was dealt a staggering blow. The year was 2015. A trio of their loyal clients were gathered inside the reception of their auto body shop in the County of Durham. It had been a hectic period, and in a rare coincidence, all three were there to pick up their vehicles at the same time. One man mentioned he had received a phone call from a firm that handles accident claims. The caller tried to coax him into lodging a claim for personal injury. Alarmingly, the person on the line was aware of the car's specific model and make, and the incident's date. A second man then shared that the exact same thing had happened to him. After the third client verified he too had received the unsolicited call, they were all reaching for their phones to compare notes.

A Damaging Accusation

One of the men asked the others for the phone number that had called them. Jan remembers the scene vividly, recalling the event with a concerned expression. The customers pulled out their mobiles, compared the numbers, and then turned to her, asking if she recognised it. Jan confirmed she had no knowledge of the number at all. The unavoidable question then hung in the air: where did the callers get their information from? These individuals were not insured by the same provider, had contracted with separate brokers, and their collisions were not linked. Michael recalled the moment all three turned to look at them. Their collective conclusion was that the Reeds' establishment had to be the source of the data leak.

The Weight of Suspicion

Unsolicited callers are a modern-day annoyance, whether inquiring about home maintenance or encouraging the pursuit of injury compensation. But the situation escalates dramatically when such calls pose a risk to a company's survival. Following that initial, painful confrontation, the complaints from other customers continued to mount. The couple grew increasingly worried about the damage to their hard-won reputation. Jan explained the emotional toll it took, describing how they first felt distressed, and then that sorrow turned into anger. They felt trapped, knowing they were not at fault but unable to stop the accusations. The issue consumed their conversations, leaving them feeling completely overwhelmed by the situation.

A Legacy to Protect

The couple manages Alan Reed Ltd, a business founded in 1970 by Michael’s father. Michael himself joined the business right after he finished school at age fifteen. It is a true family operation. Jan is responsible for customer care. Their daughter, Debbie, manages the accounts, while Megan, Michael’s daughter, manages the parts department. With such deep family roots and a history stretching back over half a century, the threat to their business felt like an attack on their family's legacy. They were not ignorant regarding data security. Their work with major insurance corporations required them to complete training on safeguarding personal details.

Searching for the Betrayal

Convinced the leak was not due to carelessness, the Reeds took action. They had their centralized IT system for logging cars, a standard tool in the field, checked on two separate occasions but were assured everything was secure. They had full confidence in their forty employees, half of whom they had known since their apprenticeship days. However, believing they were the sole affected garage, they began to question if there had been a betrayal of trust. The thought of an inside source was agonising but became a necessary consideration as they exhausted other possibilities.

The Digital Sting Operation

After dealing with months of grievances, the Reeds reached a tipping point. Michael can pinpoint the specific instant. The couple was driving when Jan became emotional. She recalls telling Michael she could not continue like this and that they had to take action. Then, an idea struck her. She proposed that they should input their personal details into the system. Michael agreed, and they decided to try it. In the spring of 2016, they entered their own phone numbers along with information about non-existent accidents and then they waited.

Image Credit - Freepik

The Inevitable Call

Initially, there was no activity. But eleven days later, Michael's phone began to ring. Michael stated he walked over to tell Jan someone was calling him just as Jan's own phone began ringing. He told her to answer it, and they realized it was the identical number calling both of them. Michael engaged with the caller, verifying if they knew the date of his supposed accident. When the date was confirmed, he was transferred to a solicitor. Michael eventually made an excuse to terminate the conversation. Once a letter from the law firm came, they felt prepared to approach the authorities.

From Victims to Whistleblowers

The final piece of the puzzle fell into place when the correspondence from the legal firm arrived. With this concrete evidence in hand, the Reeds were finally prepared to approach the authorities. They had proof that data was being systematically stolen and that their business was a victim, not a perpetrator. Michael commented that they naively expected the issue would be resolved within a matter of weeks. They never imagined it would stretch on for close to a decade. Their personal stand was about to trigger the most significant probe into nuisance calls ever undertaken in the UK.

Operation Pelham is Launched

The Information Commissioner’s Office (ICO) took on the case, with Andy Curry serving as the head of investigations. The inquiry was given the codename Operation Pelham. While he is not a man prone to overstatement, his enthusiasm becomes apparent when he speaks about the scope of the operation. He states this was the largest criminal investigation and legal action the ICO has ever managed. Leveraging the information from the Reeds and hundreds of other garages, criminal investigators from the ICO were able to build a comprehensive picture of the criminal enterprise. The Reeds' courage had officially set the wheels of justice in motion.

A Mountain of Evidence

Leveraging the intelligence gathered, criminal investigators from the ICO conducted nine separate raids in 2016 across Macclesfield and Manchester. They collected a massive amount of digital evidence, including 241,000 emails, 4.5 million documents, 144,000 spreadsheets, one-and-a-half million images, and 83,000 multimedia files. This colossal haul of digital evidence demonstrated the industrial scale of the data theft. The operation was not a small-scale affair but a highly organised conspiracy that treated the personal details of accident victims as a valuable commodity. The sheer amount of seized material highlighted the enormous and highly intricate task that lay ahead.

Pandora's Digital Box

An iPhone was among the confiscated items which, as the ICO's prosecuting lawyer described it, unlocked a huge trove of secrets. It offered a clear view into the criminals' extensive illegal activities. The contents of this one device were so revealing that they became a cornerstone of the prosecution's case. It laid bare the inner workings of the conspiracy, the key players involved, and the brazen nature of their activities. This single piece of technology offered investigators an unvarnished look at a criminal network that believed it could operate with impunity.

Unmasking a Criminal Network

Curry explained that they uncovered an immense and shadowy criminal enterprise where crash information was pilfered from repair centers all over England, Scotland, and Wales. This pilfered data was then sold to support harassing, predatory calls. He described the case as enormous and highly intricate. When asked if the operation was profitable for the men, Curry stated they believe more than £3 million was generated from this enterprise, which he noted is a rather substantial sum of money. The investigation revealed an entire underground economy built on the exploitation of people at their most vulnerable.

Image Credit - Freepik

The Architect of the Scheme

At the centre of this network was Craig Cornick, a 40-year-old businessman situated in Prestbury, a wealthy village in the Greater Manchester area famous for its millionaire and footballer-owned mansions. A jury at the crown court in Bolton found Cornick guilty of conspiring to purloin personal data. On Companies House, Craig Cornick is recorded as a director for fifteen different businesses since 2013. His defence argued that trading data was a widespread industry practice before the tightening of regulations. After the guilty verdict, Cornick issued a statement rejecting any suggestion of misconduct and announced his intention to appeal the conviction.

A Cascade of Guilty Pleas

While Craig Cornick maintained his innocence, his accomplices took a different path. 35-year-old Thomas Daly, from Macclesfield, had previously entered a guilty plea on two counts of conspiring to purloin personal information, despite being acquitted of hacking along with Cornick. Six other men also admitted their roles in the scheme. Of these, four acknowledged their guilt in hacking computer systems, while all six confessed to stealing data. The confessions revealed a clear image of a multi-layered conspiracy, with different individuals performing distinct roles to facilitate the sale of the stolen data.

Arrogance Caught on Camera

The evidence presented to the jury depicted a cabal of individuals who believed they were beyond reproach, boasting in text messages about the private information they were able to acquire. In a text exchange from September of 2016, one person inquired if the other still had access to insurance data, stating he had a buyer interested in making weekly purchases. Another vital piece of evidence emerged as a selfie video recorded by Mark Preece, who confessed to conspiring to hack into computer networks. In the video, he brags that he possesses the complete list of garages and all the necessary passwords, exclaiming that he is going to become rich.

The Murky Data Marketplace

While the names, contact details, and accident information of individuals might appear as simple spreadsheet entries, they represent highly valuable assets. The core business model was simple: steal the data and have it peddled to firms that manage claims, which are eager to find leads for personal injury lawsuits. The data supplied by the group was a goldmine, giving them direct access to individuals who had recently been in accidents. This created a perverse incentive structure where the demand from one industry directly fuelled the criminal activities of another.

A Nationwide Nuisance

The problem of nuisance calls extends far beyond this single case. According to recent research from Ofcom, the UK's communications regulator, an estimated 45 million people received a potential scam text or call in just a three-month period. The data shows that scammers are increasingly using text messages, with 71% of people reporting a suspicious text. However, landlines remain a key target, especially for older people. Three in five individuals over the age of 75 reported receiving a potential scam call to their landline. These statistics highlight the pervasive nature of the issue.

Fighting Back Against the Scammers

Regulators are actively working to combat this scourge. Ofcom has already implemented measures that have led to a million scam calls a day being blocked. A key strategy has been to target "spoofing," where criminals fake a UK number to appear more legitimate. Last year, guidance was issued to block calls originating from abroad that faked a UK landline number. More recently, Ofcom has proposed new rules requiring telephone companies to withhold the caller ID of calls coming from abroad that appear to be from a UK mobile, unless the number's validity can be verified.

The Limits of the Law

Despite Operation Pelham's success, the ultimate repercussions for this extensive criminal enterprise may seem underwhelming to many. Violations of the 2018 Data Protection Act, which include stealing data, are typically met with fines. Individuals found guilty of hacking under the Computer Misuse Act are anticipated to be given suspended sentences. The ICO’s legal representatives stated they have no role in the sentencing process, and the court is obligated to issue sentences that fall within the legal maximums. This means it is probable that all the convicted men will avoid prison.

A Fugitive Still at Large

Although Operation Pelham has resulted in eight convictions, the case is not entirely closed. The ICO has verified that a 33-year-old man, Jamie Munro, is wanted on three counts connected to this case and has vanished, with officials believing he is now abroad. His absence means that a key figure in the conspiracy has yet to face justice. Furthermore, the ICO has declared a secondary phase of its probe. This subsequent stage will examine the involvement of people within insurance companies and claim management firms, indicating the illegal data trade network is more extensive.

A Legacy of Resilience

In the County of Durham, the Reeds express pride in the part they took in exposing the network. Mostly, however, they are eager to return to their normal lives. Michael reflected on the long history of their company, showing a monochrome picture of his parents, beaming in front of the first garage. He feels that businesses like theirs are the nation's foundation and must be ready to defend themselves. For the Reed family, this decade-long ordeal is another chapter in their 55-year history. They have handled it, just as they have overcome more difficult challenges. Michael believes everything they do is a challenge, and if it were simple, it would not be fitting for the Reed family.