Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

Blue-chip hacking scandal: FBI will be asked to investigate corporations accused of illegally accessing data on private individuals

Information Commissioner to request US authorities look into eight implicated companies

Tom Harper
Thursday 06 February 2014 16:48 EST
New method of DoS attack exploits flaw in thousands of 'time keeping servers' that keep internet-connected devices running on the same clock
New method of DoS attack exploits flaw in thousands of 'time keeping servers' that keep internet-connected devices running on the same clock (Getty Images)

The blue-chip hacking scandal has taken a new twist as it emerged that the FBI is set to be called in to investigate eight companies accused of hiring UK-based private investigators that illegally obtained private information about the public.

The Information Commissioner has announced he will contact authorities in America after his inquiry found several US companies employed British rogue PIs that hacked, blagged and stole sensitive data. The investigation by the Information Commissioner’s Office (ICO), which has also uncovered “significant” documentary evidence of criminal offences by 11 UK-based clients, was launched last year after The Independent revealed that the Serious Organised Crime Agency (Soca) had ignored dozens of files on the PIs’ corporate clients.

In a letter to the Home Affairs Select Committee ahead of his appearance next week, the Information Commissioner revealed his investigation into the historical material – codenamed Operation Spruce – is set to take him to the US where he may seek co-operation with the FBI. Christopher Graham also revealed his investigators – backed by the National Crime Agency – were preparing “Demand for Access” notices to obtain further evidence from the 11 UK-based clients who hired four criminal investigators jailed in 2012 for conspiring to defraud by “blagging” – or stealing – personal information through phone calls to banks and companies.

He also refused to rule out using search warrants if the organisations failed to comply with his requests.

“The documentary evidence we hold in relation to these clients is considered significant, and this gives us the best opportunity of instigating criminal proceedings,” Mr Graham said in his letter to the Home Affairs Select Committee.

Chairman Keith Vaz said: “The Information Commissioner’s findings clearly reveal significant evidence of criminal wrongdoing by clients in data which was held by Soca for so many years.

“The Commissioner has been refreshingly proactive in his approach to this investigation, in direct contrast to what went before. It is important that this approach continues and those who have broken the law are brought to justice.

“The committee will be looking to ascertain a timetable for the further investigation and potential prosecutions when the Commissioner appears before it on Tuesday. It is vital that the victims are not forgotten and that justice prevails.”

Last June, The Independent revealed that a Soca investigation into the PIs, which first started in 2006, had uncovered an array of blue-chip clients that had hired the rogue PIs and helped to fuel the unlawful trade in personal data.

The four PIs were jailed for minor offences in 2012, but the organisations that hired them escaped scrutiny until The Independent’s disclosures last year.

The case raised accusations of double standards at a time when the press is at the centre of the largest criminal investigation in British history over practices which include the hiring of corrupt private eyes.

Following months of pressure to identify the clients, Trevor Pearce, the agency’s Director-General, eventually agreed to pass files on 98 clients over to the ICO last August to investigate for criminal breaches of the Data Protection Act (DPA).

In his letter to Mr Vaz, Mr Graham said: “Nineteen clients are active and there is evidence of a criminal breach and civil breach of the DPA. However, eight of these are based outside of our jurisdiction.

“There are 42 clients that are active and, while there is no evidence of a criminal breach of the DPA, further inquiries are required to determine their exact status in relation to a potential civil breach of the DPA.”

Mr Graham also revealed that the National Crime Agency – which took over from Soca last year and is helping with the ICO’s inquiries – had established most of the overseas blue-chip clients in question were based in the United States.

He said: “Our plan is to contact the US Federal Trade Commission and seek their assistance in contacting the relevant authority, which may be the FBI, and request a research profile on the organisations and individuals concerned.”

The names of almost 100 blue-chip companies identified by Millipede – the Soca investigation into PIs – were handed to the Home Affairs Select Committee in July. But the agency’s then chairman, Sir Ian Andrews, communicated the agency’s decision – in which he subsequently explained he played no part – to classify the list to protect the “financial viability of major organisations” rather than “tainting them with public association with criminality”.

One week later he resigned after it emerged that he had failed to declare to the committee that he owned a private company with his wife. The list remains under wraps with the Home Affairs Select Committee.

Those on the client list compiled by Soca reportedly include X Factor mogul Simon Cowell, accountancy firm Deloitte, the banks Credit Suisse and Chase Manhattan, and the law firms Richards Butler (now Reed Smith), Herbert Smith Freehills and Clyde and Co. There is no suggestion they knew that the private detectives they employed may have been breaking the law.

After The Independent broke the scandal, Graham Freeman, one of the private investigators, said: “If they were to name our clients, on the evidence we were charged on, our clients would be open to the same conspiracy [charges].

“Soca doesn’t want to give up the Millipede names because if they did, they would be forced to investigate them and charge them for conspiracy to defraud as they did us. On that list are the names of law firms, banks and insurance companies who all used private detectives for all sorts of reasons.”

Quest for truth: How Soca came clean

22 June The Independent reveals Soca sat for years on evidence some of Britain’s most respected companies hired rogue private eyes.

18 July The Independent reveals Soca had declared the clients should not be identified because it would damage their commercial interests.

22 July The Independent reveals Sir Ian Andrews, then Soca chair, failed to declare he had a management consultancy company with his wife.

24 July Soca passes the list of 102 blue-chip companies to the Home Affairs Select Committee, but classifies the information to save companies being “tainted with public association with criminality”.

1 August Sir Ian resigns.

31 August Soca finally hands the historic evidence on 98 blue-chip clients to the Information Commissioner.

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in