Sep 29, 2010 18:31 GMT

The data breach resulting from the ACS:Law email leak is much more extensive than originally thought and leaves the firm facing serious fines from the Information Commissioner's Office.

ACS:Law has attracted considerable negative attention after sending threatening emails to file sharers and asking them for money in order to avoid being taken to court for copyright infringement.

Because of such actions, a group of Internet hacktivists called Anonymous has targeted the law firm in its recent Distributed Denial of Service (DDoS) campaign dubbed "Operation Payback."

Last week, members of the group organized coordinated DDoS attacks against www.acs-law.org.uk, causing the website to go offline several times.

According to reports, on one occasion the site came back online with no index page, allowing virtually anyone to see the contents of its Web directory.

It was here that someone apparently found an archived backup of the company's mailboxes, which they downloaded and posted on The Pirate Bay for others to grab.

Later, it was revealed that one of the leaked emails had an Excel document attached, which listed the names and addresses of as many as 5,000 broadband subscribers suspected of downloading copyrighted movies.

The Information Commissioner's Office was notified of the breach and launched an investigation into why this data, obtained by ACS:Law through court orders from ISPs, was being passed around in unencrypted format.

However, it seems that this was just the tip of the iceberg, as two more files with personal information of 8,000 Sky and 400 PlusNet (BT) customers have since been found in the leaked database.

To make matters worse, in addition to names and addresses, these documents also contain details about compensation paid by alleged infringers, as well as case notes. The BBC reports that it has even seen emails with credit card details.

"The Information Commissioner has significant power to take action and I can levy fines of up to half a million pounds on companies that flout the [Data Protection Act]," Christopher Graham, who currently holds this office, told the news agency.