‘Millions’ of GM customers’ data potentially compromised as Wejo Group lays off all global employees. Meanwhile, P45s sent to the wrong people

All global employees of Wejo Group have been made redundant as of July 10, 2023, according to a Q&A circulated to non-UK employees by administrators Leonard Curtis last week and seen by Prolific North.

The company first gave notice of intent to enter administration in May and after a further two notices finally did so on July 10, following a period that had left staff in limbo and unable to claim any government relief as their employer was technically not in administration.

The new document seen by Prolific North document specifically addresses Wejo’s Californian and German operations, however the crux of the matter is found in Leonard Curtis’ answer to Q3: “Yes, all employees within the Wejo Group are redundant with effect from July 10 2023.”

This might seem bad enough, but over the course of the weekend, multiple employees of Wejo Ltd, the Manchester HQ of the vehicle data specialist and the larger Wejo Group, have contacted Prolific North to inform us that, were their redundancy not enough of a bitter pill to swallow, they’ve been sent another employee’s P45 and P60, or in one case their own along with that of another former employee they don’t even know in at least one case. Prolific North understands that the Information Commissioner’s Office has been made aware of the situation.

This seems quite bad form for a company charged with handling the data of literally millions of customers of the vehicle manufacturers it worked with.

When US auto manufacturing giant GM took a 35% in Wejo in 2019, the PR fluff proudly spoke of 11m GM vehicles that Wejo would be collecting data from. By the time Wejo picked up 2022’s BIG Innovation Award it was talking about 20.8m vehicles, though these may not all have been GM’s – the company also worked with Ford, albeit in a lesser capacity than its GM relationship, and had a fledgling Asian operation through an agreement with Japanese insurance company Sompo.

What is clear is that several million GM customers’ data is currently handled by a company that has laid off its entire staff, is in administration, and is incapable of sending physical documents to the correct person, before we even move on to handling digital data.

One former Wejo employee told Prolific North: “Wejo was processing 50 million car journeys per day, which was mostly all GM data. This data would include PII data such as VIN numbers and location data. The data of millions of GM customers has been left on a cloud environment that is not being managed or maintained due to the administrator laying off all staff including key functions such as data science, privacy and security.”

A second former employee, who was also closely involved with Wejo’s approach to data privacy, which we understand Wejo took very seriously, said the risk to individual customers is “approaching zero.”

There’s no denying, however, that the uncertainty currently hanging over millions of its customers’ data, not to mention the apparent inability of Wejo and its administrators to send physical data to the correct recipient, is not a good look for one of the world’s biggest car manufacturers.

GM presumably has confidence in Wejo’s ability to handle several million customers’ data without any staff, as multiple requests for comment have been met with silence. Wejo, and the administrators Leonard Curtis, have also been contacted for comment several times, but have thus far declined to engage.