A U.K. telecom company employee, who sold customer data for use in a boiler room scheme, has pleaded guilty to breaching data privacy rules, in the first prosecution of this type by the U.K.’s Financial Conduct Authority (FCA).
The regulator alleged that Luke Coleman, an employee with mobile carrier Virgin O2, sold confidential customer data for use in a crypto-based boiler room scam that took over £1.5 million from investors through cold calls selling fake crypto investments.
In July, two men were sentenced to prison time for their roles in the scheme, after pleading guilty to various charges, including conspiracy to defraud, conspiracy to breach securities rules and money laundering — they were sentenced to prison terms of 64 months and 78 months, respectively.
“Coleman abused his position of trust and enabled others to commit crimes which led to huge financial and emotional consequences for victims,” Steve Smart, executive director of enforcement and market oversight at the FCA, said in a release.
Smart noted that the case represented its first prosecution under data protection legislation, which makes it a criminal offence to unlawfully obtain and disclose personal data.
“Going forward, those who enable crime should be clear that we will use all of our powers to hold them to account,” he said.
Separately, another man, who allegedly bought the client data from Coleman, was acquitted on a charge of conspiracy to defraud, following a jury trial, but he also pleaded guilty to breaching privacy rules. The privacy breaches are punishable by fines.