Personal data stolen from garages helped fuel illegal PI claim calls; Eight men now face sentencing
One of the UK’s largest personal injury data conspiracies has been exposed after eight men were found guilty of harvesting private information from vehicle repair garages to generate fraudulent claim leads.
Following a ten-week trial at Bolton Crown Court, a jury convicted Craig Cornick, 40, a north-west legal sector figure and director of IQuote Ltd, of conspiring to unlawfully obtain personal data, contrary to the Data Protection Act. The data was sold to claims management firms, enabling them to bombard individuals with unsolicited personal injury calls—a practice described by investigators as both “predatory” and distressing.
Cornick, a former director at High Street Solicitors, was acquitted of a second charge of conspiracy to access computer systems without authority. His co-defendant Thomas Daly, 35, was also cleared of that charge but had earlier admitted to two counts of unlawfully obtaining data.
The Information Commissioner’s Office (ICO) led the investigation, executing nine warrants across Macclesfield and Manchester and seizing an enormous haul: over 4.5 million documents, 241,000 emails, 144,000 spreadsheets, and 1.5 million images. According to the ICO, it was “the widest body of evidence” ever compiled by their office.
ICO Head of Investigations Andy Curry said the case unearthed a “vast, murky criminal network” exploiting sensitive crash details. “Most of us have had nuisance calls asking if we’ve been in a crash,” he said. “At best they’re annoying. At worst, they terrify vulnerable people and damage trust in legitimate businesses.”
The scheme operated from 2014 to 2017, with around one million records accessed and resold. The data had been lifted from garages across England, Scotland, and Wales—initially flagged when a County Durham garage owner noticed customers blaming him for persistent PI calls.
Embed from Getty ImagesCornick maintains his innocence, vowing to appeal the guilty verdict. In a statement, he claimed no evidence linked him or his company to the stolen data. “I was relieved to be cleared of serious hacking accusations. The court relied on just 32 lines of data, none of which could be traced to me,” he said. “I reject any notion of wrongdoing.”
Six other men previously pleaded guilty:
- Vincent McCartan, 30 (Failsworth): guilty of both conspiracy to unlawfully obtain data and unauthorised system access.
- Ian Flanagan, 40 (Macclesfield): same charges.
- Mark Preece, 44 (Manchester): same charges.
- Kiernan Thorlby, 35 (Macclesfield): same charges.
- Fahad Moktadir, 32 (Stockport): guilty of unlawfully obtaining data.
- Adam Crompton, 35 (Northwich): guilty of two counts of unlawfully obtaining data.
All eight are due back in court on 11 July for a Proceeds of Crime Act hearing and cost discussions, with sentencing expected thereafter.
The ICO’s investigation isn’t over. Officials confirmed a second phase is underway, probing possible involvement from insiders at insurance firms and claims management companies.
For now, the case stands as one of the most significant ever tackled by UK data regulators, with far-reaching implications for how sensitive data is protected in industries connected to motor accidents and personal injury litigation.
