The Financial Conduct Authority has brought its first prosecution under the Data Protection Act 2018, after Taunton-based Luke Coleman pleaded guilty to unlawfully obtaining and disclosing personal data. Coleman, an employee of Virgin Media O2, sold confidential customer information to family friend Nicholas Harper for use in a boiler room fraud. Coleman was fined GBP 384 and ordered to pay a GBP 38 surcharge and a GBP 500 contribution to prosecution costs, with a fine the maximum penalty for this type of offence under section 170(1) of the Data Protection Act 2018. Harper had earlier pleaded guilty to assisting an offence under the Act but was later acquitted by a jury of conspiracy to defraud. The FCA linked the data misuse to a crypto scam for which Raymondip Bedi and Patrick Mavanga were sentenced to a combined 12 years’ imprisonment after defrauding at least 65 investors of GBP 1,541,799; Coleman was suspended by his employer pending the criminal investigation.
Financial Conduct Authority 2025-12-15
Financial Conduct Authority secures first Data Protection Act prosecution as Virgin Media O2 employee fined GBP 384 for selling customer data used in boiler room fraud
The Financial Conduct Authority (FCA) conducted its first prosecution under the Data Protection Act 2018, with Luke Coleman pleading guilty to unlawfully obtaining and disclosing personal data. Coleman, an employee of Virgin Media O2, sold confidential customer information linked to a crypto scam causing significant investor losses. He was fined GBP 384, with additional costs, while his employer suspended him pending investigation.