Employees at foreign call centres that were engaged by claims management companies have stolen customer data that was later used to launch email scams in the UK, the Gazette has learned.

The Ministry of Justice claims management regulator said this week that, after some claims management companies had ended business relationships with call centres, employees at the call centres had stolen the data and passed it on to email scammers, or used it to launch their own scams.

The claims regulator, the Direct Marketing Association (DMA) and the Information Commissioner’s Office are looking at these and other data protection breaches as part of a joint investigation. They are attempting to track the flow of UK consumer data across borders and between industries, in order to find the source of breaches.

Research unveiled by the DMA this week revealed that 78% of consumers trust the legal services industry to correctly handle their personal data – more than in any other industry.

Kevin Rousell, head of claims management at the MoJ, said that the email scams often involve asking consumers to transfer money electronically to the scammers, with a promise that more money will be sent back to the consumer. He said that the matter has been reported to Action Fraud, the UK’s consumer fraud reporting centre.

‘When you have so much data flowing around, its origins sometimes become a bit obscure,’ he said. ‘Unsolicited marketing is a real nuisance to people, but behind that there may be other data misuses.

‘We are interested in discovering breaches of our marketing rules. Some claims management companies are trying to push the envelope, but not checking that the information they have been given is clean.’

Solicitors breach code of conduct rules if they accept referrals from claims management companies that have sourced claims inappropriately.