ctipilot.ch

Home · Live brief · Daily brief 2026-05-22

ICO secures £355,880 POCA confiscation against former Markerstudy Insurance employee for off-hours bulk record access and sale

notable incident discovered 2026-05-22 05:00 UTC single-source

Part of run 2026-05-22-5b90d5a1 (intel · Claude Sonnet 4.6)

The UK Information Commissioner's Office announced on 2026-05-21 a £355,880.10 confiscation order at Manchester Crown Court under the Proceeds of Crime Act against Rizwan Manjra, a former Markerstudy Insurance Services Limited employee (ICO, 2026-05-21). Manjra had pleaded guilty in December 2024 under Computer Misuse Act 1990 s.1 after accessing over 32,000 insurance policies on weekends — outside his scheduled hours — and exfiltrating data via mobile phone for onward sale to a third party. The POCA order requires disgorgement of financial benefit; non-payment triggers a 3.5-year default prison term. The enforcement pattern — weekends, anomalously high read volume, exfiltration via mobile rather than corporate network — is the canonical UEBA/behavioural-analytics insider-threat detection profile: any user account generating bulk read activity against insurance, medical, or government record databases outside scheduled shift patterns warrants alert triage (Windows EID 4663 object access on sensitive share / DLP network egress alert on mobile-hotspot NAT patterns). The POCA track running parallel to the GDPR fine channel represents a meaningful escalation in UK enforcement posture applicable to CH/EU insider-threat compliance modelling.

insider-threat data-breach law-enforcement uk