Hattons of London v Knightsbridge Collection: the coin dealer data theft that a CRM system and a cloud provider helped unravel

Six sales staff go on simultaneous sick leave. They submit a collective grievance alleging years of bullying. They quietly set up a competing business, register on its CRM system, draft call scripts using their employer's customer database, and begin making sales to those customers while still technically employed. When their employer finally discovers what has happened, 172 of the 176 sales recorded by the new company turn out to be to the original employer's clients.

That, in its essentials, is the story told by Bruce Carr KC, sitting as a Deputy High Court Judge, in Hattons of London Limited v The Knightsbridge Collection Limited [2026] EWHC 1510 (KB). His conclusion, reached after a five-day trial at which most of the defendants appeared in person, was unambiguous: the evidence was overwhelming, the defences were untrue, and the Defendants had behaved in a dishonest and reprehensible way from the moment they decided to leave Hattons right up to the final written submissions.

What makes this case particularly instructive is not the legal principles, which are well established, but the forensic trail that the defendants left behind and the role that cloud-based software played in exposing it. Hattons used a platform called Zoho One for its customer relationship management. When it noticed suspicious access patterns, it could identify not only when its databases had been accessed but from which IP addresses, meaning it could place individual defendants at specific computers, at specific times, accessing specific customer records while on sick leave.

The defendants' own Zoho account, set up for the competing business in March 2025, was even more damaging. When the company went into liquidation, the liquidators applied under section 234 of the Insolvency Act 1986 to obtain the data from Zoho directly. The 4,300 documents that followed included internal chat logs, email chains, sales scripts, shared spreadsheets, a proposed shareholder agreement dividing the company between all seven individual defendants, and messages in which two of them openly discussed the merits of the "constructive dismissal route" while still employed by Hattons.

One message sent through the Cliq internal messaging system is particularly striking. Two defendants discuss how a legitimate data set purchased from a third party had produced "zero connections" because the numbers did not even ring out, while in the same conversation a third confirms he is "only running the 8th buyers" from what can only be read as Hattons' own database. The grievance, the judge found, was contrived to create an exit strategy and to buy time while the competing operation was established.

The legal claims that succeeded were breach of confidence, breach of contract (express terms and implied terms of fidelity and good faith), database rights under the 1997 Regulations, and unlawful means conspiracy. The claim in inducement to breach of contract did not succeed on the evidence, the judge being unable to identify specific acts of inducement between the co-defendants sufficient to satisfy that tort's requirements, a reminder that even in a case of collective wrongdoing the individual elements of accessory liability must still be established.

On relief, the springboard injunction was extended by 18 months from the date of the order rather than the 24 months sought by the claimant. The judge's reasoning was that the defendants had ceased material activity for the competing business around June 2025, so 18 months from the date of judgement in June 2026 gives Hattons the best part of two and a half years of protection in total, which he regarded as sufficient to neutralise the competitive advantage obtained.

The case carries a practical message for any business that holds sensitive customer data. The combination of contractual confidentiality obligations, NDAs and cloud-based audit trails proved lethal to defences that might otherwise have been harder to disprove. The defendants stuck to their accounts through pleadings, affidavits, witness statements and cross-examination. The cloud did not.