KB-2025-002427 - [2025] EWHC 1993 (KB)

The Claimant’s evidence

The background to the application before me is set out in the witness statement from Mr Mellinger who is the Managing Director and founder of the Claimant.

In summary, the Claimant is engaged in the sale of rare coins and operates within a specialist market of individual collectors. Each customer is allocated to a dedicated Account Manager, a role which facilitates the relationship between the Claimant and customer. The Claimant uses a computer system known as “Zoho One”. The customer data kept and maintained by the Claimant is not limited to customer names and contact details but also includes customers’ purchasing history. Each of D2 – D7 had access to the Claimant’s customer database during their employment (including any periods of sick leave).

Mr Mellinger explains in his statement at paragraphs 27-31 that he became aware of the Defendants’ alleged wrongdoing through a series of concerns that were expressed by customers. From those concerns it seems that a number of customers received unsolicited calls from D1 in the course of which D1 seemed to have knowledge of the customer’s previous purchases from the Claimant. The customers (wrongly) believed that they were dealing with the Claimant. Offers were made which undercut the Claimant’s prices. Mr Mellinger says that these reported concerns show “that there was an issue in respect of the First Defendant which could and/or had caused serious damage to the Claimant’s business. It was even more concerning as it was clear that the actions of the First Defendant were having a clear detrimental impact on the Claimant’s goodwill and reputation.”

In response to these concerns the Claimant carried out a number of investigations. Mr Michael Hall, the Claimant’s Technical Development Manager, sets out the investigations that he conducted in his witness statement. His statement sets out findings in respect of D3, D4, D5 and D7:

D3 logged in from D2’s home address at a time when they were both away from work on sick leave. Between 16 and 27 March 2025, D3’s login was used 87 times from this location to load and/or refresh reports on the Claimant’s systems. D3’s login was also used from D5’s home address at a time when both were signed off sick. Between 22 and 26 March 2025, D3’s login was used 28 times from this location to load and/or refresh reports on the Claimant’s systems. On 22 March 2025, D3’s login was used at three separate IP addresses within the same day. This suggests that multiple users had been using his details to access Zoho One and Zoho analytics data on customers.

D4’s login was used from D2’s address on 1, 4, 8 22 and 23 April 2025 and also from the address of D7. D4’s login was used on occasion from external locations, even when D4 was working at the Claimant’s premises in the course of his employment. D4’s device connected to a Wi-Fi hotspot named “Knightsbridge” on 2 June 2025 between the hours of 9.46am and 16.40pm. In that time, large volumes of data were accessed from the Claimant’s systems. A mobile app showing an IP address indicated that D4 attended D1’s offices frequently between 7 May and 2 June 2025 (a period when he was away on sick leave).

D5 downloaded the Agent Only Base report in a modified form so as to show specifically the email addresses of the customers. This was not the standard form of the report. D5 wiped his browsing history and despite being on sick leave his laptop was used for a significant part of March. His account was accessed outside of the Claimant’s office in March during which time customer data was accessed. Between 11 February and 19 March 2025 he accessed the systems and data reports a total of 113 times.

D7 accessed Zoho Analytics on 12 and 22 February 2025 and 5, 13 and 14 March 2025 (when D7 was supposedly signed off sick). His laptop was also connected to a Wi-Fi hotspot unrelated to the Claimant extensively over the period.

Mr Mellinger explains that the Claimant undertook a password reset across the company on 20 March 2025. He notes that D3 was not signed off sick on that date and so received the new password. He says that it is striking that D3’s login credentials were then used by D2-D7 to access the Claimant’s systems.

A private investigator was commissioned to undertake surveillance of D2-D7 during June 2025. In summary:

D6 and D7 were witnessed at the offices of D1 on 13 June 2025, wearing headsets and speaking.

D5 and D6 were witnessed at D1’s offices on 16 June 2025.

D2, D6 and D7 were witnessed at D1’s offices on 17 June 2025. D2 was still employed by the Claimant (and supposedly on sick leave) at that time.

D5, D6 and D6 were witnessed at D1’s offices on 18 June 2025.

D2, D3, D5, D6 and D7 were witnessed at D1’s offices on 19 June 2025.

The individual Defendants’ contracts of employment contained an express duty of fidelity and duties of confidence. They signed written agreements referred to as non-disclosure agreements prohibiting unauthorised use of confidential information.