Ex RSA employee has been jailed for stealing customer details and selling them to claims management organisations.

A former RSA employee has been jailed for stealing customer details, which he then went on to sell to claims management organisations.

Karl Yates, 40, of no fixed address stole customer data that was associated with non-fault road traffic claims from his employers systems while he was employed by RSA.

Although Mr Yates was not authorised to access RSA's customer data, he did and then passed the details on to a claims management company who used the information to cold call drivers and pressurise them into making personal injury and damage claims against the insurance industry. 

Following a trial at Liverpool Crown Court, Yates was found guilty of fraud by abuse of position and computer misuse on 8th November 2023 and was sentenced to 28 months imprisonment at the same court on 11 December 2023.

“Yates took advantage of his position of trust by stealing confidential data for over a year. He copied down customer records and took pictures of them on his mobile phone, gathering enough details so that the phone calls from the cold calling companies would sound legitimate.

“Yates’ actions could have seriously harmed RSA’s reputation. As well as being distressing for customers, the cold calls could have caused members of the public to unintentionally submit fraudulent claims across the insurance industry.

“Unfortunately for Yates, his plan backfired and we found clear evidence of his scheme when we arrested him. We hope this sends a clear message to anyone thinking of doing something similar – not only will you lose your job, you could face a prison sentence too.”

The theft was discovered by RSA, following controls identifying issues and customer complaints, which reported it to the Insurance Fraud Enforcement Department (IFED) at the City of London Police in September 2020.

After it was bought to their attention during the peak of the coronavirus pandemic in 2020, RSA researched all of those who had complained and identified that Yates had accessed their records when he was not authorised to do so.

After further enquiries, IFED officers went to Yates’ residence at the time to arrest him. Yates was logged into his work computer and pages of handwritten notes, which contained the details of customers whose accounts he had recently accessed, were found next to the screen.

Officers seized £2,200 in cash, documents containing customer details and a mobile phone from Yates’ address. An examination of the mobile phone found that it contained over 100 images of typed pages of customer details.

“We have strong fraud detection and prevention and data security controls at RSA. Where we identify any potential wrongdoing, we’ll investigate and take strong action against those responsible – as demonstrated here – to prosecute and ensure they’re brought to justice.

“RSA was the victim of a crime committed by an employee in this instance and we took swift action to protect our customers. We’re pleased with the outcome of the investigation and today’s judgement and sentencing.”

During his police interview, Yates made no comment other than to confirm his mobile telephone number.