Piracy law firm leak raises privacy concerns

Copyright law firm allegedly leaked private data after hack attack

Stewart Mitchell
27 Sep 2010

Privacy International is planning legal action against a law firm after a security breach allegedly leaked personal information of thousands of internet users.

The data was held by ACS:Law, a firm that has tracked internet users to pursue legal action for breach of copyright. The leak happened as ACS:Law was trying to bring its site back online following a denial of service attack.

Although the full extent of the breach remains unclear, Privacy International claimed one email alone contained the personal information of some 10,000 people assumed to have been involved in file-sharing of pornographic works, exposing their names, addresses, postcodes, and internet protocol addresses.

"This data breach is likely to result in significant harm to tens of thousands of people in the form of fraud, identity theft and severe emotional distress," said Alexander Hanff, a Privacy International advisor.

The law firm made a raft of personal information such as email correspondence, scans of letters and possibly credit card information available

Privacy International claimed the breach could have been avoided with better security measures. “It would seem that this data breach was purely down to poor server administration and a lack of suitable data protection and security technologies.”

The privacy group said it had briefed the Information Commissioner's Office and is preparing a complaint.

Although it has yet to initiate a formal investigation, the Information Commissioner's Office told PC Pro it was aware of the case and would be looking into the situation.

“The ICO takes all breaches of the Data Protection Act very seriously and any organisation processing personal data must ensure that it is kept safe and secure,” the watchdog said in a statement. “The ICO will be contacting ACS:Law to establish further facts of the case and to identify what action, if any, needs to be taken.”

The ACS:Law website was down at the time of writing and the company could not be reached for comment.

Experts say that anyone who has had financial dealings with ACS:Law, such as downloaders who have settled out of court over copyright infringement cases, should be extra vigilant over their bank accounts following the breach.

“The law firm made a raft of personal information such as email correspondence, scans of letters and possibly credit card information available to those who looked a little bit harder than usual,” said ThinkBroadband.com specialist Andrew Ferguson.

“This information is now out on the internet, both on websites and via torrent tracking sites,” he said. “Some broadband providers are informing customers that their personal information had been previously passed to ACS:Law and may now have been leaked.”

Read more about: