A former employee of Virgin Media O2, Mr Luke Coleman, was prosecuted by the Financial Conduct Authority (FCA) and pleaded guilty to unlawfully obtaining and disclosing personal data in breach of the Data Protection Act.
The FCA's case
Mr Coleman, who was employed by UK mobile carrier Virgin Media O2, sold confidential customer data to a family friend, Nicholas Harper, for use in a boiler room fraud. The boiler room scam was said to have taken over £1.5 million between 2017 and 2019 from 65 investors through cold calls selling fake crypto investments. In July 2025, two individuals, Raymondip Bedi and Patrick Mavanga, were given custodial sentences of over five years and over six years respectively for their roles in the crypto fraud.
Mr Harper, the family friend, had pleaded guilty on 1 September 2025 to encouraging or assisting an offence to be committed in breach of the Data Protection Act. Mr Harper was subsequently acquitted of conspiracy to defraud and an offence related to carrying out regulated activity in the UK without FCA authorisation.
Mr Coleman was fined £384 by the court on 29 October 2025 (a fine is the maximum penalty for this offence), along with a £38 surcharge and a £500 contribution towards prosecution costs.
Steve Smart, joint executive director of enforcement and market oversight at the FCA, commented: "Coleman abused his position of trust and enabled others to commit crimes which led to huge financial and emotional consequences for victims."
Comment
The FCA's intention to prosecute and punish those who enable financial crimes to be committed is clear: "Going forward, those who enable crime should be clear that we will use all of our powers to hold them to account." This case represents the FCA's first prosecution under data protection legislation.