Sep 28, 2010 06:24 GMT  ·  By

ACS:Law Solicitors is being investigated by the Information Commissioner's Office, because consumer personal information was found in the emails leaked onto the Internet last week.

ACS:Law has been one of the targets in Anonymous' "Operation Payback," which involves DDoSing the websites of film and recording industry associations, as well as other organizations associated with them.

The UK-based law firm has gained notoriety by sending threatening letters to file sharers suspected of copyright infringement and asking them for money in order to avoid being taken to court.

Anonymous launched several attacks against ACS:Law's website last week and it appears that on one occasion when the website recovered, it no longer had an index page, allowing virtually anyone to browse the root Web directory.

This folder contained an archived backup of the company's mailboxes, which one Anonymous member downloaded and then posted on The Pirate Bay.

Privacy groups who looked over the leaked emails found that some messages contain private information about copyright violators.

In one particular case, an Excel file attached to one email sent by ACS:Law head Andrew Crossley to his colleagues, contained the names and addresses of over 5,300 broadband subscribers, along with records of movies they allegedly downloaded.

BSkyB has confirmed that the file exposes personal data of around 4,000 of its customers, which ACS:Law obtained through court orders.

"In relation to the individual names, these are just the names and addresses of the account owner and we make no claims that they themselves were sharing the files," Crossley told BBC.

He stressed that the company was the subject of a criminal attack, although, leaving files exposed on a website for anyone to grab sounds more like negligence than being victimized.

The Information Commissioner's Office (ICO) has been notified of the breach and started an investigation into the matter.

"Any organisation processing personal data must ensure that it is kept safe and secure," a spokesperson for the data privacy authority stressed.

"The ICO will be contacting ACS:Law to establish further facts of the case and to identify what action, if any, needs to be taken," they added.