We reported on Monday about the security lapse which occurred at ACS:Law, the legal firm involved in the controversial chasing of alleged online copyright infringers.
The lapse happened after the firm’s site was hit by a denial of service attack, and while getting the website online again, back up files were exposed on the server. These were downloaded and posted on file sharing sites, and consisted of many archived emails which exposed the inner workings of ACS:Law.
However, the data also included the personal details of those who had been chased by the firm, and this is where it gets messy.
Initially, reports stated that the leak revealed the personal details of 5000 people accused of illegally downloading pornographic films. However, yesterday the BBC reported that a further 8000 Sky broadband users were exposed in the leak, along with 400 PlusNet customers, all accused of illegal music or film sharing.
The details revealed not only included names and addresses, but payment records and even bank details, worryingly. The Information Commissioner’s Office is currently investigating the matter, and could impose a fine of up to £500,000 if it finds the law firm negligent in its online security.
Sky has now cut all ties with ACS: Law. In a statement to the Press Association, a spokesman said: “We have suspended all co-operation with ACS:Law with immediate effect. This suspension will remain in place until ACS:Law demonstrates adequate measures to protect the security of personal information.”
The ICO is treating the affair as a matter of urgency.