CYFOR Blog

The Computer Misuse Act is a UK law that protects personal data held by organisations from unauthorised access to computer systems and modification of files without consent.

Introduction of the Act

Introduced in 1990, the Computer Misuse Act is imposed against cybercriminals facing accusations such as hacking and data breaches. The Act has been consistently updated to address the ever-changing technology landscape and has been shaped to respond to a growing variety of threats.

Computer Misuse Act Amendments

The most significant amendment occurred in 2015 when the Act was updated to align with the Serious Crime Act 2015. Computer Misuse was added to the list of serious crimes with a maximum penalty for being found guilty increasing to a prison sentence of 14 years and the possibility of a fine. If a charge included threats to national security or human welfare, a life sentence can be imposed.

In 2006 section 37 of the Police and Justice Act of 2006 was inserted into the Computer Misuse Act. Known as 3A, this section stipulates that making, supplying or obtaining any articles for use in a malicious act using a computer is classified as criminal activity.

Computer Misuse Act penalties

The following are offences under the Computer Misuse Act and cover a range of offences which include hacking, computer fraud, blackmail and viruses. Computer Misuse Act offences can be dealt with at the Magistrates Court or the Crown Court depending on the seriousness and are applied according to the crime and severity of the act.

• Unauthorised access to computer material. Commonly referred to as hacking.
• Penalty: Up to six months in prison and/or a or up to a £5,000 fine

• Unauthorised access to computer materials with intent to commit a further crime. This refers to hacking a computer system to steal or destroy data (such as planting a virus).
• Penalty: Up to a five-year prison sentence and/or an unlimited fine

• Unauthorised modification of data. This refers to the modification or deletion of data and covers the introduction of malware or spyware onto a computer device (electronic vandalism and theft of information).
• Penalty: Up to a five-year prison sentence and/or an unlimited fine

• Making, supplying or obtaining anything which can be used in computer misuse offences
• Penalty: Up to a ten-year prison sentence and/or an unlimited fine

Has your client been charged with a Computer Misuse Act offence?

If your client has been charged with a Computer Misuse Act offence, CYFOR can assist.

With expertise in providing comprehensive digital forensic and cyber security investigations, we are ideally placed to review evidence from a defence perspective. Our team of specialists are comprised of numerous former police detectives who are well versed and fully trained in investigations pertaining to computer misuse offences. They can review and analyse all data within a case and are familiar with the process the police use to retrieve information. Our previous investigative experience has covered numerous cybercrime offences, including hacking, fraud, blackmail and data extortion.