ICO secures £355,880 POCA confiscation against former Markerstudy Insurance employee for off-hours bulk record access and sale [SINGLE-SOURCE]
From CTI Daily Brief — 2026-05-22 · published 2026-05-22 · view item permalink →
The UK Information Commissioner's Office announced on 2026-05-21 a £355,880.10 confiscation order at Manchester Crown Court under the Proceeds of Crime Act against Rizwan Manjra, a former Markerstudy Insurance Services Limited employee (ICO, 2026-05-21). Manjra had pleaded guilty in December 2024 under Computer Misuse Act 1990 s.1 after accessing over 32,000 insurance policies on weekends — outside his scheduled hours — and exfiltrating data via mobile phone for onward sale to a third party. The POCA order requires disgorgement of financial benefit; non-payment triggers a 3.5-year default prison term. The enforcement pattern — weekends, anomalously high read volume, exfiltration via mobile rather than corporate network — is the canonical UEBA/behavioural-analytics insider-threat detection profile: any user account generating bulk read activity against insurance, medical, or government record databases outside scheduled shift patterns warrants alert triage (Windows EID 4663 object access on sensitive share / DLP network egress alert on mobile-hotspot NAT patterns). The POCA track running parallel to the GDPR fine channel represents a meaningful escalation in UK enforcement posture applicable to CH/EU insider-threat compliance modelling.