RAC data breach: a lesson in data seeding

Earlier this month, a former RAC employee was sentenced to eight months’ imprisonment for stealing company data and sharing it with another firm.

An ICO (Information Commissioner’s Office) investigation revealed that Kim Doyle transferred RAC customers’ names, mobile phone numbers and registration numbers to accident claims management firm LIS Claims without authorisation.

LIS Claims then used this information to make nuisance calls.

The breach only came to light when a fleet management company, Arval, contacted the RAC regarding a phone call one of its drivers received about an accident he had been involved in.

An RAC investigation revealed the source of the leak, but one wonders why it took a complaint from a third party to unearth the incident.

Had the RAC seeded its data, it would have been able to quickly identify the source of data misuse and catch the employee in the act.

How data seeding works

Data seeding is the practice of planting dummy details in a database. It’s generally done to monitor how information is being used and to identify when it’s being used in an unauthorised way.

This not only helps you detect and address breaches but it can also act as a preventive measure. If your employees know that you are able to identify the source of breached information, they are less likely to attempt anything untoward.

Think of it like the scanners that many retailers install on their doors. These help the shop identify when someone is trying to steal their goods and make people think twice about doing it.

Data seeding can also be used as a proof of ownership, ensuring you know when data has – or hasn’t – come from your systems, and can be used to monitor the way third parties use information that you share with them.

Additionally, it can be used for process assurance, helping you follow a known user’s journey and the data flow.

If you collect it, protect it

You can find out more about data seeding with our dedicated services.

We provide unique seed records for you to add to your data supplies and then monitor how your data is being used by your partners, resellers or direct end clients.

The service works for email, physical mail, landlines and mobiles, building a detailed picture of the real use of your data.

There is increased regulatory pressure to prevent security incidents, with the GDPR (General Data Protection Regulation) and DPA (Data Protection Act) 2018 in particular containing strict data protection requirements.

With today being Data Privacy Day, there has never been a better time to consider your data security measures.

This year’s campaign encourages you to “Own Your Privacy” by learning more about how to protect valuable data online, and to “Respect Privacy” by holding organisations responsible for the way they use personal data.

Get started by taking a look at our data seeding solutions.


  • Luke Irwin

    Luke Irwin is a former writer for DQM GRC. He has a master's degree in Critical Theory and Cultural Studies, specialising in aesthetics and technology.

    View all posts

Add a Comment

Your email address will not be published. Required fields are marked *