’RSA was the victim of a crime committed by an employee in this instance and we took swift action to protect our customers,’ says head of counter fraud

A former RSA employee who stole customer details and sold them to claims management companies has been jailed.

Karl Yates, 40, of no fixed abode, accessed customer data associated with non-fault road traffic claims from RSA systems while employed by them, when he was not authorised to do so.

He then passed the details on to claims management companies, which used the information to cold call the drivers involved and pressurise them into making personal injury and damage claims against the insurance industry.

RSA discovered the theft, which ocurred in 2020, after its controls process identified issues and customer complaints – this was then reported to the Insurance Fraud Enforcement Department (Ifed).

The insurer then researched all of those who had complained and identified that Yates had accessed their records despite not being given permission.

Adele Sumner, head of counter fraud and financial crime at RSA UK and International, said: “We have strong fraud detection and prevention and data security controls at RSA. Where we identify any potential wrongdoing, we’ll investigate and take strong action against those responsible – as demonstrated here – to prosecute and ensure they’re brought to justice.

“RSA was the victim of a crime committed by an employee in this instance and we took swift action to protect our customers.”


After further enquiries, Ifed officers went to Yates’ residence at the time to arrest him.

Yates was logged into his work computer and pages of handwritten notes, which contained the details of customers whose accounts he had recently accessed, were found next to the screen.

Officers also seized £2,200 in cash, documents containing customer details and a mobile phone from Yates’ address.

An examination of the mobile phone found that it contained over 100 images of typed pages of customer details.


Karl Yates (c)City of London Police

Yates was found guilty of fraud by abuse of position and computer misuse on 8 November 2023 following a trial at Liverpool Crown Court.

He was sentenced to 28 months imprisonment at the same court on 11 December 2023.

Detective Sergeant Matt Hussey, from Ifed, said: “Yates took advantage of his position of trust by stealing confidential data for over a year. He copied down customer records and took pictures of them on his mobile phone, gathering enough details so that the phone calls from the cold calling companies would sound legitimate.

“Yates’ actions could have seriously harmed RSA’s reputation. As well as being distressing for customers, the cold calls could have caused members of the public to unintentionally submit fraudulent claims across the insurance industry.

“Unfortunately for Yates, his plan backfired and we found clear evidence of his scheme when we arrested him. We hope this sends a clear message to anyone thinking of doing something similar – not only will you lose your job, you could face a prison sentence too.”