UK car rescue company accused of 'cover up' following a data breach


After suffering a data exposure of at least 13GB of customer information covering 117,000 accounts the actions of one of the UK’s largest motoring associations provides a great insight into the importance of incident response.

An initial incorrect assessment of the event’s severity coupled with accusations by the security community of downplaying the incident with speculation of a deliberate 'cover-up' forces the company to backtrack on their published official stance.

The senior management team are then forced to step in and personally incident-manage the situation, directly apologising to customers, emailing journalists and the security community to allay fears as to their intentions and to limit the backlash.

For organisations grappling with GDPR and wishing to understand how best to structure their incident response plans, this less-than-optimal example provides great insights into the areas that will require the greatest resources and management focus.

Book a consultation

Want to discuss this case? You can purchase a 30 minute conference call with our analysts to discuss this case and the implications it has for your organisation. Just select the time and date that works for you:


  • AA plc
  • Automobile Association plc

We've done the analysis so you can make the decisions

When purchasing a minimum of 5 Case Studies
$699.99 if buying less than 5.

  • Detailed cause & effect analysis
  • Lessons learnt catalogued
  • Preventive controls extracted
Add to Cart
Heads up! Want to try before you buy? You can download our FREE demo case study here