London law firm Mischon De Reya said it had seen a significant rise in database theft cases over the past year and predicted the problem would get worse as businesses become increasingly reliant on IT.
In one case, a company was forced out of business when its customer database was stolen by a rival firm, which then undercut its prices. Other companies have lost customers and suffered heavy losses.
Dan Morrison, a partner in Mischon's fraud and brand protection group, said, "When you are investigating fraud all you see is the tip of the iceberg. You never know the full extent of who is involved, what is involved and the money involved."
The police are usually of little help in database theft cases. They lack the time, the resources and the expertise to pursue database thieves, Morrison said.
Victims usually have little choice than to mount their own investigations and to take action through the civil courts.
Morrison said, "The only language the crooks understand is money. You have to go for the money, and follow the assets."
Mischon has advised victim companies how they can gather admissible evidence using undercover techniques such as bugging, examining rubbish or setting up front companies to approach the fraudulent firms as potential customers.
You can make life more difficult for fraudsters by segregating data, so that staff have access only to the data they need, by limiting the size of file that can be sent outside the company on e-mail, and by restricting the ability of office PCs to make copies of files on to CD, he said.