Section 2 of the Computer Misuse Act criminalises unauthorised access with intent to commit or facilitate further offences. It is important to understand that the reason this is deemed more serious than Section 1 is the intent to progress an attack to leverage the unauthorised access to achieve some goal. Whether or not this goal is achieved immediately, by the same person, or even includes a computer is immaterial.

The case study for Section 2 is a breach against the breakdown cover and car insurance company RAC. In this instance an employee of the company leveraged their access to the RAC systems and gained unauthorised access to road traffic accident data. This included names, phone numbers, and licence plate details of customers who had experienced a traffic accident.

This data, that was gathered without authorisation, was then sold to an accident claims management company that would use the data to conduct unwanted calls to customers in an attempt to launch fraudulent personal injury claims.

This case highlights that the secondary crime does not have to be carried out by the individual responsible for the initial breach and that a crime such as fraud, which is not remotely linked to CMA, can used to build a case that an offence against Section 2 existed.

‍