Home » Topics » Cybersecurity » Sky employee leaked customer data

Sky employee leaked customer data

Avatar photoby Ben Rossi

A former employee of satellite broadcaster Sky leaked customer data to a warranty and repairs business, the UK’s High Court has ruled.

In 2010, Sky became aware that customers were receiving calls offering them warranty extensions just before their standard warranties expired. It discovered that the companies making the calls, named Digital Satellite Services and Nationwide Satellite Services, were owned by the same people.

It sued the companies, alleging that they "unlawfully came into possession and made use of confidential customer data taken from Sky’s customer databases for the purpose of marketing extended warranty service plans."

During investigations, the source of the data was identified as Sky ex-employee Steven Lee, as some of the data concerned was only accessible to him.

Lee denied the charges, but could not offer any explanation of certain details of the case.

"In cross-examination, Lee accepted that Sky data which had been supplied to him alone ended up with Digital, in particular that a USB stick was plugged into his personal laptop on a number of occasions and contained Sky customer data which ended up with Digital," the judge, Sir William Blackthorne, ruled.

"He also accepted that one of his work laptops was used to create disks containing Sky data which ended up with Digital. (He conceded that, although it may previously have been used by another Sky employee, the laptop in question was in his possession when the disks were created.)"

The judge said he was "quite unpersuaded" by Lee’s attempts to explain how the data came into Digital’s hands.

"The probabilities are… that he passed the data to an ex-employee of Sky … who left Sky under something of a cloud and who then set up a television satellite dish repair business.

"I therefore find that Mr Lee is liable for misuse of Sky’s confidential information, infringement of its database right and breach of his employment contract with [Sky]."

Information Age asked the Information Commissioner’s Office whether Sky may have breached the Data Protection Act by failing to prevent an employee from stealing its data. A spokesperson said that if the person was a trusted employee who needed the data to do their job, then the ICO’s complaint would be against the employee, not the company.

Avatar photo

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...

Related Topics

Customer Data

Related Stories

Cybersecurity

How AI will shift the security landscape in 2024

The impact of AI within cybersecurity is expected to grow significantly this year, says Alex Holland, senior malware analyst at HP

AI & Machine Learning

NCSC releases guidelines for secure AI development

New guidance from the National Cyber Security Centre (NCSC) aims to help businesses securely innovate with AI and minimise risks

Cybersecurity

3 cybersecurity compliance challenges and how to address them

Earning those trust seals can strengthen relationships with board members and prospective customers, but it sure isn’t easy.

Cybersecurity

70% of UK firms reported cyber insurance changes in past year

According to research from Databarracks, seven in 10 UK businesses have seen changes to their cyber insurance in the past 12 months, as requirements rise