Data Theft Conviction: Munro and Chipoma Sentenced

ICO Enforcement

Filed February 11th, 2026

Detected March 18th, 2026

Summary

The ICO has announced the sentencing of Christopher Munro and William Chipoma for data theft and sale, involving over 400 UK garages. Both individuals received suspended prison sentences and community service after pleading guilty to offenses under the Computer Misuse Act and Data Protection Act 1998.

View original document View source feed page

What changed

The Information Commissioner's Office (ICO) has concluded a significant enforcement action with the sentencing of Christopher Munro and William Chipoma. These individuals were convicted for unlawfully accessing and selling personal data obtained from over 400 garages, claims management, and insurance companies. Munro accessed thousands of records and received £16,000, while Chipoma illegally accessed records and sold data, receiving £70,550. Both pleaded guilty to multiple offenses under the Computer Misuse Act 1990 and Section 55 of the Data Protection Act 1998.

This case highlights the severe consequences of data theft and unauthorized access within the financial and insurance sectors. Munro was sentenced to a 32-week suspended prison sentence and ordered to complete 150 hours of unpaid work. Chipoma received a 10-month suspended prison sentence and was ordered to complete 240 hours of unpaid work. The ICO is pursuing financial investigators to recoup the illicit gains made by the offenders under the Proceeds of Crime Act 2002. This action serves as a strong deterrent to individuals involved in similar data-related criminal activities.

What to do next

Review data access controls and employee vetting procedures.
Reinforce training on data protection obligations and consequences of breaches.
Cooperate fully with any ICO investigations into data misuse.

Penalties

Suspended prison sentences (Munro: 32 weeks, Chipoma: 10 months), community service (Munro: 150 hours unpaid work, Chipoma: 240 hours unpaid work), and potential confiscation of proceeds of crime.

Source document (simplified)

Christopher Munro and William Chipoma

Date 11 February 2026
Type Prosecutions Two further people have been convicted following our extensive investigation into the unlawful accessing and sale of personal information obtained from over 400 garages across the UK, as well as claims management and insurance companies.

Christopher Munro, 37, of Knutsford, Cheshire, and William Chipoma, 35, of Enfield, London, were charged after investigations uncovered their involvement in the theft and sale of personal data within the claims management sector.

Our enquiries revealed that Munro and Chipoma deliberately sought employment with the intention of stealing and selling personal data.

Munro, while working for two different companies during 2015 and 2016, accessed thousands of records without legitimate authority or consent, receiving payments totalling £16,000. He made multiple employment applications to claims management and insurance companies but left after short periods when unable to access personal data. He was charged with four offences: two under the Computer Misuse Act 1990 and two under Section 55 of the Data Protection Act 1998.

Chipoma illegally accessed records and sold personal data between 2015 and 2017, receiving payments totalling £70,550. He was also charged with four offences: two under the Computer Misuse Act 1990 and two under Section 55 of the Data Protection Act 1998.

Both men pleaded guilty to all offences at an earlier hearing.

Following this, both men appeared at Minshull Street Crown Court on 11 February 2026 where Chipoma was handed a 10 month prison sentence, suspended for 12 months, as well as being ordered to complete 240 hours of unpaid work. Whilst Munro was handed a 32 week prison sentence, suspended for 12 months, as well as being ordered to complete 150 hours of unpaid work.

This brings the total number of people prosecuted in our largest nuisance call investigation to 10. Three people have also been cautioned in relation to this case.

ICO Financial Investigators as well as external Financial Investigators are looking to recoup the financial benefits obtained by these offenders by utilising the Proceeds of Crime Act 2002.