A Southwick man who hacked into NHS records and food company IT systems has been spared jail.
Peter Foy was just 18 when he used fake Honey gift vouchers to buy an Acer laptop from Amazon in October 2019, which he then used to go on a hacking spree in February and March the next year.
Most of his victims were luxury food delivery companies – Gousto, Abel and Cole and Riverford Organics. Police say he was able to use the information he found to arrange food deliveries, costing the companies thousands of pounds in lost revenue.
He also hacked into GP patient records held by the Emis network, an NHS IT contractor.
Foy, now 21, was today sentenced to 18 months’ custody, suspended for two years, at Lewes Crown Court after pleading guilty to fraudulently obtaining the laptop and four counts of unauthorised computer access to computer material at an earlier hearing in May.
Another charge of demanding money from Abel and Cole with menaces was not proceeded with.
Foy, a former student at the Greater Brighton Metropolitan College (GB Met), was also ordered to carry out 300 hours of unpaid work.
Senior investigating officer Detective Inspector Rob Bryant, from South East Regional Cybercrime Unit, said: “This was a case in which Foy, a teenager at the time of the offences, used sophisticated software to enable him to hack into the systems of food delivery companies and access the personal data of their customers.
“These offences took place at a time when they were facing unprecedented demand due to the onset of the Covid-19 pandemic.
“Foy’s offending also led him to unlawfully access patient medical records of a third-party company used by the National Health Service, itself facing the most challenging of times in its history.
“Foy claimed he was notifying companies and organisations of security breaches to enable them to improve their systems – his abilities to do this could have led to a promising career
“However his demands for financial rewards from the victims demonstrated his actions were not altruistic as he claimed.
“He used this ability to obtain a laptop for himself and arranged food deliveries for himself using other people’s money. The results were that some of the companies affected lost thousands of pounds in revenue.
“I would like to thank the organisations who reported this to police and worked closely with us throughout the investigation to ensure we had the evidence to enable Foy to be brought before a court to account for his actions.
“Although the offences were committed online, they are certainly not victimless offences and the South East Regional Cybercrime Unit is committed to uncovering such offending to ensure justice can be served.
“This case also serves as a timely reminder to anyone using their financial details online to check the security of the data.
“Foy was able to gain access to many victims’ accounts as they often used the same passwords across more than one account. We can make ourselves more secure online by using a random chain of letters and symbols, saved in our browser.
“Additionally, please consider using two-factor authentication where available to further protect yourself online.”
It is interesting that the story focuses more on food than the NHS losing control of patient records. One has to ask the question of “how” NHS records were accessed, if it was just a few patients, or was it a massive data breach.
They need to consider giving him a job at GCHQ! Clearly very clever to bypass Emis.