RAC Details

    Organization Logo

    RAC

    Walsall, West Midlands4000 employees • Transportation

    https://www.rac.co.uk
    United Kingdom

    Industry

    Transportation

    Security Incidents

    1

    RAC Limited is a British automotive services company that primarily provides roadside assistance and other motoring services. The company was founded in 1897 as the Automobile Club of Great Britain to advocate for drivers' interests while promoting the development of motoring in the UK. Over time, it has evolved into a leading provider of vehicle and breakdown services, serving millions of customers with a fleet of patrol vehicles equipped with advanced diagnostic tools and equipment.

    In addition to its core roadside assistance services, RAC offers a variety of motoring-related products, incl...
    Show more

    Security Incidents

    RAC Breach of Oct 2024
    Severity Score
    Moderate

    Type

    Insider Threat

    Summary

    In early October 2024, two former employees of the RAC, a roadside assistance company, were sentenced following an incident where they illegally accessed and sold personal data of individuals involved in traffic accidents. Debbie Okparavero and Maliha Islam, who worked at RAC's call center in Stretford, were discovered copying and distributing this information, totaling about 29,500 lines of data. The breach was identified through security monitoring software deployed by RAC, which detected unauthorized access by Okparavero, who then shared the data with Islam via WhatsApp.

    The Information Co...
    Show more

    Severity

    The recent data breach at the RAC led to the illegal copying and sale of approximately 29,500 lines of personal information belonging to crash victims by two former employees. The breach was discovered through the company's proactive security monitoring system, and the individuals involved were swiftly reported to authorities, resulting in legal action. Although the RAC effectively identified and reported the misconduct, the recurrence of similar incidents suggests vulnerabilities in its data protection practices.

    This incident ranks as a "Moderate" severity level on the scale due to the sign...
    Show more

    Impact

    This incident represents a data breach involving the unlawful access and sale of personal data related to road accident victims by two former employees of the roadside assistance provider, RAC. The personal information of approximately 29,500 individuals was compromised and sold, suggesting a potential market demand for such sensitive data. Fortunately, no systems or services were reported to have been taken offline, indicating that the breach primarily involved unauthorized data exfiltration rather than system disruption.

    RAC's swift action in monitoring and identifying this misconduct allow...
    Show more

    KEEP YOUR ENVIRONMENT SECURE

    Weak credentials are the leading cause of breaches. Beyond Identity can help.

    See MFA exploits in action
    Watch how adversaries exploit companies in quick videos