RMI Bodyshops exposes data leaks

RMI Bodyshops (NAB and VBRA) has informed ‘the necessary authorities’ of a potential breach of management system data handling following member reports.

In a statement, RMI Bodyshops said that for several months, it has been undertaking an investigation into a potential breach of repairer management systems confidentiality and the apparent release of personal data to third party legal firms and accident management companies.

The association claims, ‘Market intelligence brought to us by a number of our members has shown that driver’s and customer’s personal data, including phone numbers and addresses, appears to have been accessed by third parties not involved in the repair of the vehicle.’

Jason Moseley, executive director at RMI Bodyshops said, ‘We have direct evidence that data entered into bodyshop systems has found its way, in a matter of hours, into the hands of third party organisations.

‘We have been analysing, with our members, the terms and conditions of the various agreements in place with repairer management systems, whether they are entitled to do this and the nature, scope and validity of such activity.

‘As part of an internal investigation, one of the bodyshops involved entered fictitious data into the system to attempt to draw out a reaction.  Within a few hours of this data entry, a call was received from an accident management company trying to leverage a compensation claim.

‘RMI Bodyshops and its members informed the necessary authorities and have been working together with them behind the scenes.

‘We do not yet know if these actions are legitimate disclosures, the result of a cyber-attack or a physical breach of such systems, so we have taken no chances and launched an investigation. We will be pushing hard with our members to bring more transparency and collaborating with the necessary authorities. We must get to the truth.’