Hacker stole personal data of thousands of Sky Insurance customers


A computer hacker stole the personal data of thousands of Sky Insurance customers to sell in exchange for Bitcoin.

Jack Clements harvested people’s email addresses, passwords and car insurance information contained in databases he illegally downloaded.

The then 20-year-old also targeted customers of American company Hairmax, which has offices in the UK selling hair related products.

But he was rumbled after he offered Sky Insurance records for sale for $900 of cryptocurrency, only for a buyer to complain he’d ripped him off.

North West Regional Organised Crime Unit (NW ROCU) cyber investigations team received information about a user on a website called raidforums.com in March 2021.

Liverpool Crown Court heard the user was Clements, of Kramar Walk, Kirkby, who had created posts “offering for sale compromised databases containing company customer records”.

Claire Jones, prosecuting, said Clements offered a database for sale with more than 20,000 Sky car insurance records on October 28 last year.

On December 30 another user filed a “scam report” against Clements, stating he had sent him payment in Bitcoin to buy these records, but they hadn’t been delivered as promised.

The court heard the scam report, which included proof of payment and screengrabs of their conversations, resulted in Clements being banned from the website.

Ms Jones said: “During that chat the defendant had provided a sample of 100 records from the database in question, which contained insurance data.

“The information contained personal information – name, address, vehicle, email accounts, driving licence numbers, etc.”

Police raided Clements’ home on March 31, when he was arrested and his electronic devices seized, before he gave a no comment interview.

He was released pending further investigation, but the devices revealed he had hacked databases from other websites.

This included six Hairmax files, between August 29 and October 29, 2020, and 25 Sky Insurance files, between October 26 and December 22, 2020.

Sky Insurance contacted the police that November saying they suspected the administration area of their website had been hacked. When police contacted Hairmax, the American firm was unaware of any hack.

Clements was interviewed by police again on June 9, when he gave a prepared statement, admitting he had hacked both companies and suspected he had committed Computer Misuse Act offences.

Ms Jones applied for the forfeiture and destruction of Clements’ devices.

Clements, now 21, who has no previous convictions, admitted two counts of unauthorised computer access with intent to commit fraud.

He sat slouched in his seat in the dock as Charles Lander, defending, said he was a “backstreet hacker” rather than a criminally sophisticated crook.

Mr Lander said: “He had no idea his behaviour would land him in a crown court, potentially on the brink of an immediate custodial sentence.”

He said Clements led a “rather isolated life” and “doesn’t move much out of his home and clearly wasn’t moving much from his computer”.

The lawyer said Clements lived with his mum, who has learning disabilities, and urged the judge to spare him jail.

He said: “If he goes to prison, she loses the one person in her home who assists her.”

Judge Denis Watson, QC, said Clements hacked information from databases of “contacts, customers and suppliers”.

He said the Hairmax information included the email addresses, usernames and passwords of customers – their “sign in details” – plus transaction history, “all of which could be put to illegal profit and use potentially by others, who would be able to access their email accounts and if common passwords are used for more than one site, then access those sites”.

The judge said: “The potential is obvious and the criminal advantage to be gained is also obvious, which is why you were advertising it for sale.”

Judge Watson said the information “harvested” from Sky Insurance was of greater value, as he not only obtained email addresses, passwords, details of vehicles insured and driving licence numbers, but also personal details including addresses and dates of birth.

He said: “The potential for a direct attack on an individual or for identity fraud with those sorts of details is significant.”

The judge accepted Clements hadn’t been able to access bank account details.

However, he said: “It seems to me that you realised the quality of the information you got in the first hack was not as good as you hoped, so you went on and hacked a further organisation and obtained greater detail, which would be more marketable.”

Judge Watson said he took a starting point of 18 months in prison, which he reduced to 15 months to take into account Clements’ age and good character, before reducing it by a third because of his guilty pleas.

He said: “Of course you have no previous convictions, but I regret this is a case in my judgement where appropriate punishment for this, which is a very serious matter, can only be achieved by immediate custody.”

The judge reduced the sentence further to eight months in jail because it would be Clements’ first time behind bars and served during a pandemic.

Speaking after the case, Detective Inspector Chris McClellan, from the North West Regional Organised Crime Unit, said: “Today’s sentence will ensure Clements cannot continue with this kind of criminal activity.

“Our Cyber Crime Team remain committed to pursuing and identifying anyone involved in this kind of crime and ensuring they are investigated fully and brought before the courts.”

NW ROCU urge the public to help protect themselves from becoming a victim of cyber-crime by following some simple advice.

Check if your personal data – email and phone numbers – has been included in previous data breaches by visiting www.haveibeenpwned.com.

If you discover you have been breached, don’t panic. Change your passwords on the compromised accounts and ensure there is a new, strong, separate password for each.

Use a strong and separate password for your email account.

Create strong passwords using two random words.

Save your passwords in your browser – this is safer than using weak passwords or the same password for each site.

Turn on two-factor authentication (2FA).

Update your devices.

Back up your data.

Visit https://www.ncsc.gov.uk/cyberaware/home for help with picking secure passwords and advice on 2FA.
