Controversial law firm ACS:Law has been hit with a £1,000 fine by the Information Commissioner’s Office (ICO) for its lax security that permitted a damaging data breach.
However the firm escaped having to pay a £200,000 fine, as the company is no longer trading.
“Andrew Jonathan Crossley – as data controller of the former law firm – has been served with a monetary penalty of £1,000,” said the ICO in its ruling.
The fine was issued after the website of ACS:Law was hit with a distributed denial-of-service (DDoS) attack last September. The attack exposed the unencrypted details of 6,000 broadband users, who reportedly signed up to BSkyB services and were thought to be illegally sharing pornography.
This included people’s ISP account details, their names and addresses, and their IP addresses, as well as information about the content they were alleged to have illegally copied. It also included some people’s credit card details, as well as references to their sex life, health and financial status.
Days later the ICO announced it would investigate the matter.
It subsequently found “serious flaws in ACS Law’s IT security system.”
“This case proves that a company’s failure to keep information secure can have disastrous consequences,” said Information Commissioner Christopher Graham. “Sensitive personal details relating to thousands of people were made available for download to a worldwide audience and will have caused them embarrassment and considerable distress. The security measures ACS:Law had in place were barely fit for purpose in a person’s home environment, let alone a business handling such sensitive details.”
ACS:Law is the now defunct law firm that had been tracking Internet users in the UK. It achieved notoriety for its letter-writing campaigns to individuals suspected of illegal file-sharing. This included a 78-year-old man, who was accused of illegally downloading pornography.
It has been a torrid time for Andrew Crossley and ACS Law, although his plight will attract little sympathy.
ACS:Law specialised in pursuing alleged copyright infringement cases on behalf of copyright holders from the music, video games and adult film industries. The firm gathered the information from individuals’ Internet service providers (ISPs), and the firm was unapologetic for its threatening letter campaign which was branded as bullying and extortion by critics.
But Crossley’s legal cases against 26 defendants was effectively shot down in the courts. In December eight cases of alleged copyright infringement, brought by MediaCAT and represented by ACS:Law, were firmly rejected by the courts.
Despite this, ACS:Law and MediaCAT continued to pursue the issue, sending out letters in January this year claiming that ACS:Law was no longer acting on behalf of MediaCAT, and that further payments should be made to a company called GCB Limited. But later in the month it dropped its pursuit of file-sharers due to alleged threats.
In February the Patents County Court today, Judge Birss QC accused ACS:Law and MediaCAT of attempting to avoid public scrutiny by backing out of the cases, and cast doubt on the evidence of file-sharing.
And in April a judge in the Patents County Court ruled that an action against ACS:Law requiring the firm to pay defendants’ costs could go ahead.
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…
Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…
Explore the future of work with the Silicon In Focus Podcast. Discover how AI is…
Executive hits out at the DoJ's “staggering proposal” to force Google to sell off its…