Have you had an accident recently? Investigation into breach of repairer management system


The Retail Motor Industry Federation (RMI) is investigating how driver and customer data appears to have been accessed by third parties and used by accident management companies to leverage claims.

Many of us have received calls or texts referring to ‘your recent accident’, and quite often we put this down to speculation on the part of the accident management companies. However, this report by the RMI suggests that there may be something to concerns that information on databases has been used inappropriately by accident management companies to help them identify potential claimants, although it is not yet clear how the information has been obtained.

For several months, RMI Bodyshops (NAB & VBRA) has been undertaking an investigation into a potentially serious breach of repairer management systems confidentiality and the apparent release of personal data to third party legal firms and accident management companies.

Market intelligence brought to us by a number of our members has shown that drivers’ and customers’ personal data, including phone numbers and addresses, appears to have been accessed by third parties not involved in the repair of the vehicle.

Jason Moseley, Executive Director at RMI Bodyshops, comments, “We have direct evidence that data entered into bodyshop systems has found its way, in a matter of hours, into the hands of third party organisations.

“We have been analysing, with our members, the terms and conditions of the various agreements in place with repairer management systems, whether they are entitled to do this and the nature, scope and validity of such activity.

“As part of an internal investigation, one of the bodyshops involved entered fictitious data into the system to attempt to draw out a reaction. Within a few hours of this data entry, a call was received from an accident management company trying to leverage a compensation claim.

“RMI Bodyshops and its members informed the necessary authorities and have been working together with them behind the scenes.

“We do not yet know if these actions are legitimate disclosures, the result of a cyber-attack or a physical breach of such systems, so we have taken no chances and launched an investigation. We will be pushing hard with our members to bring more transparency and collaborating with the necessary authorities. We must get to the truth.

“Addressing this particular issue forms part of our overall strategy to ensure that bodyshops, and consumers, are treated fairly”.

Read more at Potential serious data breach for bodyshops and consumers

This is potentially another example of the commercial value of personal information and the need to ensure that the correct systems and procedures are put in place to secure it.

Securious is a cyber security compliance company based in Devon serving businesses and organisations across the South West and beyond. We offer rapid Cyber Essentials certification, ISO 27001 Compliance and PCI DSS Compliance as well as PEN testing (penetration testing) and cyber security consultancy.