Law Firm Faces Hefty Fine Over Porn Breach

The Information Commissioner’s Office (ICO) has confirmed a major data breach at a UK law firm that could see it hit with a maximum penalty of £500,000.

The website of ACS:Law was still unavailable on the afternoon of Tuesday 28 September, after it was revealed on Friday that the unencrypted details of thousands of broadband users, who reportedly signed up to BSkyB services and were thought to be illegally sharing pornography, had been leaked on the ACS:Law website.

It is alleged that ACS:Law exposed its email archive on its website, thereby disclosing confidential information.

ACS:Law is the law firm that has been tracking Internet users and achieved notoriety for its letter-writing campaigns to individuals suspected of illegal file-sharing. These included a 78-year-old man, who was accused of downloading pornography.

PI Lawsuit

On Monday privacy campaign group Privacy International said it was planning legal action against the UK law firm for the breach.

According to Privacy International, the stolen file is a single email containing the personal information of approximately 10,000 people assumed to have been involved in file-sharing of pornographic works. Details are said to include their names, addresses, postcodes, and Internet protocol addresses. “Other reports indicate that credit card details have also been made available.”

“This data breach is likely to result in significant harm to tens of thousands of people in the form of fraud, identity theft and severe emotional distress,” said PI advisor Alexander Hanff. “This firm collected this information by spying on Internet users, and now it has placed thousands of innocent people at risk.”

ICO Investigates

And now the ICO has said that it takes any breach of the Data Protection Act “very seriously”.

“The ICO takes all breaches of the Data Protection Act very seriously,” it said in an emailed statement to eWEEK Europe UK.

“Any organisation processing personal data must ensure that it is kept safe and secure. This is an important principle of the Act. The ICO will be contacting ACS:Law to establish further facts of the case and to identify what action, if any, needs to be taken,” it added.

And others have been quick to add their thoughts on the matter.

Attack Is No Defense

“It’s shocking that ACS:Law are prepared to use the Digital Economy Act for their processes in future,” said Jim Killock, Executive Director of the Open Rights Group. “And there is little to stop them. They could self-certify their evidence collecting process and send the data to ISPs. The question is if Ofcom will let us see these methods or will they allow calls of ‘commercial confidentiality’ to keep parts of the processes closed from view?”

“What’s interesting about this particular investigation into data protection breaches is that the Information Commissioner has made it clear that, even where a data breach is a result of a malicious cyber attack, this is not an adequate defence and serves as no excuse,” said Andrew Wyatt of software security firm Clearswift.

“This data belongs to the account holders themselves and is held by BSkyB – it will be interesting to see how this data arrived at ACS in the first place,” said Tony Dyhouse – the cyber security director of the Digital Systems Knowledge Transfer Network (the government’s independent adviser on integrated digital technologies). “The fact that the information was not encrypted or sufficiently protected then only exacerbated the problem.”

So far, however, the ICO has yet to issue a major financial penalty for a data breach.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
