UK car rescue company accused of 'cover up' following a data breach


After suffering a data exposure of at least 13GB of customer information covering 117,000 accounts the actions of one of the UK’s largest motoring associations provides a great insight into the importance of incident response.

An initial incorrect assessment of the event’s severity coupled with accusations by the security community of downplaying the incident with speculation of a deliberate 'cover-up' forces the company to backtrack on their published official stance.

The senior management team are then forced to step in and personally incident-manage the situation, directly apologising to customers, emailing journalists and the security community to allay fears as to their intentions and to limit the backlash.

For organisations grappling with GDPR and wishing to understand how best to structure their incident response plans, this less-than-optimal example provides great insights into the areas that will require the greatest resources and management focus.

Speak to the analyst

Want to discuss this case? We're offering a FREE 20 minute phone consultation to discuss this case and the implications it has for your organisation. Just select the time and date that works for you:


Courtenay Brammar

Experienced global enterprise risk and governance professional. Previously Vice President at Morgan Stanley, Deloitte Risk Advisory practitioner and PRMIA steering committee member in both London and New York.

Additional services

We offer a range of cost-effective, fixed-price training programmes and consultant services derived from the unique insights gained from all our case study data.

If you'd rather we did the heavy lifting in developing a cyber incident response plan or lessons learnt training for your organisation underpined by our unique insight into the challenges faced and strategies implemented by organisations countering today's cyber security threats then please contact us here.


  • AA plc
  • Automobile Association plc

We've done the analysis so you can make the decisions

When purchasing a minimum of 5 Case Studies
$699.99 if buying less than 5.

  • Detailed cause & effect analysis
  • Lessons learnt catalogued
  • Preventive controls extracted
Add to Cart
Heads up! Want to try before you buy? You can download our FREE demo case study here