The Information Commissioner’s Office (ICO) has confirmed a major data breach at a UK law firm, that could see it hit with a maximum penalty of £500,000.
The website of ACS:Law was still unavailable on Tuesday afternoon of 28 September, after it was revealed that on Friday that the unencrypted details of thousands of broadband users, who reportedly signed up to BSkyB services and were thought to be illegally sharing pornography, had been leaked on the ACS:Law website.
It is alleged that ACS:Law exposed its email archive on its website, thereby disclosing confidential information.
ACS:Law is the law firm that has been tracking Internet users and achieved notoriety for its letter-writing campaigns to individuals suspected of illegal file-sharing. This included a 78 year-old man, who was accused of downloading pornography.
On Monday privacy campaign group Privacy International said it was planning legal action against the UK law firm for the breach.
According to Privacy International, the stolen file is a single email containing the personal information of approximately 10,000 people assumed to have been involved in file-sharing of pornographic works. Details are said to include their names, addresses, postcodes, and Internet protocol addresses. “Other reports indicate that credit card details have also been made available.”
“This data breach is likely to result in significant harm to tens of thousands of people in the form of fraud, identity theft and severe emotional distress,” said PI advisor Alexander Hanff. “This firm collected this information by spying on Internet users, and now it has placed thousands of innocent people at risk.”
And now the ICO has said that it takes any breach of the Data Protection Act “very seriously”.
“Any organisation processing personal data must ensure that it is kept safe and secure. This is an important principle of the Act. The ICO will be contacting ACS:Law to establish further facts of the case and to identify what action, if any, needs to be taken,” it added.
And others have been quick to add their thoughts on the matter.
“It’s shocking that ACS:Law are prepared to use the Digital Economy Act for their processes in future,” said Jim Killock, Executive Director of the Open Rights Group. “And there is little to stop them. They could self-certify their evidence collecting process and send the data to ISPs. The question is if Ofcom will let us see these methods or will they allow calls of “commercial confidentiality” to keep parts of the processes closed from view?”
“What’s interesting about this particular investigation into data protection breaches is that the Information Commissioner has made it clear that, even where a data breach is a result of a malicious cyber attack, this is not an adequate defence and serves as no excuse,” said Andrew Wyatt of software security firm Clearswift.
“This data belongs to the account holders themselves and is held by BSkyB – it will be interesting to see how this data arrived at ACS in the first place,” said Tony Dyhouse – the cyber security director of the Digital Systems Knowledge Transfer Network (the government’s independent adviser on integrated digital technologies). “The fact that the information was not encrypted or sufficiently protected then only exacerbated the problem.”
So far however, the ICO has yet to issue a major financial penalty for a data breach.
Tesla retreats from pioneering gigacasting manufacturing process, amid cost cutting and challenges at EV giant
No skynet please. After the US, UK and France pledge human only control of nuclear…
Microsoft's AI investments continue in south east Asia, after investments in Japan, Malaysia, Indonesia, as…
New chapter for LastPass as it becomes an independent company to focus on cybersecurity, after…
US FCC seeks to ban Chinese telecom firms at centre of national security concerns from…
Two updates to Anthropic's AI chatbot Claude sees arrival of a new business-focused plan, as…
View Comments
All UK citizens are encouraged to contact their ISPs and demand they release an official statement ensuring they will NEVER give up any details to the ACS:Law scammers and Andrew Johnthan Crossley.
Download and share the full leak: http://acslaw.blogspot.com/2010/09/breaking-news-andrew-crossleys.html
Don't let those around you get bullied by this scam law firm.