Data

Strengthening Fraud Prevention Through Collaboration and Data

At the Midlands Fraud Forum, we’ve long championed the power of cross‑sector collaboration, shared intelligence, and proactive prevention in reducing fraud risk. Recent government results underscore why this approach matters now more than ever.

According to new figures from the Public Sector Fraud Authority, the UK delivered £7.53 billion in taxpayer savings last year—a clear demonstration of what can be achieved when data, expertise and partnerships align. Central to this progress is the use of data‑matching capabilities such as the National Fraud Initiative, which enables public bodies to identify anomalies and stop fraud earlier by securely comparing information across datasets.

For us at MFF, this reinforces a simple truth:

Fraud prevention isn’t the responsibility of one organisation or one sector. It succeeds when government, enforcement, industry and practitioners come together—sharing knowledge, tools and experience.

As data‑matching, analytics and capability continue to mature, so does the

“Protecting people must be the priority – I am warning organisations today that data protection law is not an excuse and it does not stop you sharing data that may assist with tackling fraud,” said Stephen Almond.

The UK’s data protection regulator, the Information Commissioner’s Office (ICO), has called on organisations across the country to share personal information responsibly to protect customers from scams and fraud.

The Information Commissioner said the breach was the “perfect storm of risk and harm”.

The PSNI is facing a £750,000 fine after the Information Commissioner’s Office (ICO) identified a “tangible threat to life” following a huge data breach last year.

Details of approximately 10,000 PSNI officers and staff were inadvertently published online in response to a Freedom of Information (FOI) request last August.

A former Management Trainee at Enterprise Rent-A-Car UK Limited ("Enterprise Rent-A-Car") has been ordered to pay a fine after admitting he illegally obtained customer data between 18 March 2019 and 1 April 2019.

https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2024/05/car-rental-manager-fined-after-unlawfully-obtaining-customer-data/

Businesses should expect the UK’s Information Commissioner’s Office (ICO) to undertake more ‘own initiative’ investigations into compliance with UK ‘cookie laws’ in the months and years ahead, an expert in data protection and privacy law has said.

https://www.pinsentmasons.com/en-gb/out-law/news/uk-cookie-law-enforcement-not-dependent-on-complaints

Telecommunications giant AT&T Inc. (NYSE:T) recently disclosed a significant data breach dating back to 2021 that resulted in the exposure of sensitive information belonging to 73 million users and is now circulating on the dark web.

The leaked data includes a wealth of personal details such as Social Security numbers, email addresses, phone numbers and dates of birth, affecting both current and former account holders. AT&T revealed that among the impacted people, 7.6 million are current account holders.

Data protection law in the UK is in a state of change, with uncertainty for organisations arising from recent reforms to retained EU law and the prospect of further reforms to follow as the Data Protection and Digital Information (No. 2) Bill proceeds through parliament.

https://www.pinsentmasons.com/en-gb/out-law/analysis/impact-of-retained-eu-law-reforms-on-data-protection

A group of workers at Manchester United are suing the football club for an HR data breach, according to a lawyer leading the action.

The club could face a damages claim totalling £100,000 after it accidentally emailed the staff wage slips of 167 colleagues to an entire pool of casual catering and hospitality staff.

A former insurance company employee who stole customer details and sold them to claims management companies has been jailed.

Karl Yates, 40, of no fixed abode, accessed customer data associated with non-fault road traffic claims from Royal Sun Alliance (RSA) systems while employed by them, when he was not authorised to do so.

A group of cyber criminals known for undertaking ransomware attacks on businesses has notified a US regulator about an alleged cybersecurity breach it was responsible for, alleging that the victim also failed to comply with data breach reporting requirements.

https://www.pinsentmasons.com/out-law/news/hackers-blow-regulatory-whistle-over-data-breach