Exclusive: Blue-chip hacking scandal - at last, the investigations into those on Soca list begin

For free real time breaking news alerts sent straight to your inbox sign up to our breaking news emails

Sign up to our free breaking news emails

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy notice

Nineteen blue-chip clients of corrupt private investigators are to be investigated for criminal offences after disclosures in The Independent forced law enforcement agencies finally to act upon evidence they had buried for seven years.

The Information Commissioner’s Office (ICO) has announced that law firms, financial organisations and insurance companies are to be probed for unlawfully obtaining personal information on up to 125 victims.

Investigators from the ICO have spent two weeks examining 31 files of invoices, notes and reports originally seized by the Serious Organised Crime Agency (Soca) during an investigation that began in 2008. The 19 organisations being investigated on suspicion of knowingly commissioning criminality comprise five retailers, three insurers, four legal firms, two financial organisations and one construction company. Soca’s officers knew the private investigators had committed serious criminal offences, including computer hacking, as far back as 2006 – yet took no action.

A four-year investigation codenamed Operation Millipede ignored the worst offences, and the role of the clients who fuelled the unlawful trade in personal data. The four PIs were jailed for minor offences in 2012 but the organisations that hired them escaped scrutiny until The Independent revealed Soca’s inaction in June.

Trevor Pearce, the agency’s director-general, eventually agreed to pass files on 98 clients over to the ICO in August to investigate for criminal breaches of the data protection act. And today, the Information Commissioner, Christopher Graham, admitted that Soca’s inaction may have let some of the clients off the hook when he revealed that 12 of the companies were now inactive.

Keith Vaz, chairman of the Home Affairs Select Committee – which is investigating the case – said: “I am baffled that for over four years Soca failed to conduct a scoping exercise which has taken the ICO only two weeks to complete. These issues could have been dealt with years ago.”

In a letter to Mr Vaz, Mr Graham outlined the initial inquiries conducted by his investigators since they took possession of the material last month. He said: “From material examined, I can say that in the case of 19 clients falling into the category of active there is evidence of a section 55 and/or data protection breach... it appears that the number of data subjects (victims) who we believe to have been affected is in the region of 125. This figure is arrived at based on the taskings recorded by the 19 clients.”

The names of almost 100 blue-chip companies identified by Millipede were handed to the Home Affairs Select Committee in July. But the agency’s former chairman, Sir Ian Andrews, ruled that the information should be classified to protect the “financial viability of major organisations” rather than “tainting them with public association with criminality”.

One week later he resigned after it emerged that he had failed to declare to the committee that he owned a private company with his wife, who worked for a leading corporate intelligence firm, the Good Governance Group.

The case has raised accusations of double-standards at a time when the Press is at the centre of the largest criminal investigation in British history over practices which include the hiring of corrupt private eyes.

Even Mark Lewis, lawyer for the family of murder victim Milly Dowler, whose phone was hacked by News of the World journalists while she was missing, has said: “Consistency demands that the same rules apply to all, whether you run a newspaper, a pharmaceutical company or a law firm.”

The Home Affairs Select Committee voted unanimously to publish the classified list, but was persuaded to delay after the ICO launched its investigation. However, it is unclear whether the ICO will be able to mount successful prosecutions after Mr Graham admitted the “seven-year dither” may allow the clients to escape action.

Those on the client list compiled by Soca reportedly include X Factor mogul Simon Cowell, accountancy firm Deloitte, the banks Credit Suisse and Chase Manhattan, and the law firms Richards Butler (now Reed Smith), Herbert Smith Freehills and Clyde and Co.

Soca, which is being abolished and rebranded as the National Crime Agency, has stressed that featuring on its list does not indicate wrongdoing, as the clients may have been unaware of the methods the PIs were using.

Timeline: Quest for the truth

22 June The Independent reveals Soca sat for years on evidence that some of Britain’s most respected companies hired rogue private eyes.

18 July The Independent reveals Sir Ian Andrews, former Soca chairman, says the blue-chip clients should not be identified as it would damage their commercial interests.

22 July The Independent reveals Sir Ian, who helped to block publication of the list, failed to declare to the Committee that his wife worked for a private investigations firm.

24 July Soca passes the list of 102 blue-chip companies to the Home Affairs Select Committee, but classifies the information to save big companies from being “tainted with public association with criminality”.

1 August Sir Ian resigns.

31 August Soca finally hands the historic evidence on 98 blue-chip clients to the Information Commissioner days before Trevor Pearce, its director-general, reappears before the Home Affairs Select Committee.