National police agents have arrested 44 people in 12 provinces of Spain for fraudulent use of personal data for usurpation of users’ identities and hiring of unauthorized services, according to the National Police in a press release.
The goal was to enrich commissions with new commissions. They entered the personal databases of power companies to identify customers and transfer them to other service providers without their consent. 26 of the detainees were commercial workers, while the remaining 18 were administrators who in turn provided the databases.
The investigation began in September 2019, when agents received a complaint from the administrator of an electricity and natural gas distribution company alleging that unknown individuals pretended to be company workers and called customers. They knew all their personal, banking and delivery details and offered an estimated discount on the tariff, when in fact they switched to another electricity supplier without their knowledge.
In addition, the applicant company conducted an internal audit, during which it was found that there was unauthorized access to its databases. They were also able to establish that strangers had contacted the merchant who represented the customers and after answering security questions, they requested duplicate invoices to notify them of a change in their personal contact information to avoid possible change after the company changed. Counter-offer to a customer who did not know about their new registration. However, the electricity marketer who was recruiting new clients, after determining the method of collection, filed a complaint against several commercials because of the practice.
New registration fees in energy supply contracts
Investigators were able to confirm that the reason for such a practice was the receipt of a commission for new registrations by a company that fraudulently applied to clients. Agents also figured out how to register a company where new clients were registered, in turn giving new companies a subcontract to attract more clients, meaning that large amounts of personal data were leaked to such subcontractors.
After a three-stage operation, agents arrested a total of 44 people in 12 provinces – Barcelona, Cადიdiz, Castellონშიn, Ciudad Real, C კორrdoba, Huelva, Jaen, Madrid, Malaga, Murcia, Seville and Valencia – presumably. Participated in conspiracy to commit crimes against the market and consumers.
Although an economic estimate of the damage has not yet been published, it is estimated that up to 36,000 changes were made to the personal data, which in turn led to the loss of the affected company.
Investigators have reported these facts to the National Securities Market Commission (CNMV) Competition Directorate in case the companies’ commercial practices may constitute a breach of anti-competitive regulation.
The Spanish Data Protection Agency was also informed of safeguards and leaks of personal data of consumers in case they violated the data protection regulations by the call center companies examined by the contract distributors and marketers, which are subject to correction. Or sanction.
Source: El Diario