from www.computerworlduk.com – Not-for-profit group Privacy International is readying itself for legal action against a British law firm, after people’s details were leaked onto the company’s website in a denial of service attack.
ACS:Law had reportedly been tracking internet users for breach of copyright – after they may have illegally shared pornographic material – in order to take legal action.
The breach occurred on Friday evening, apparently after a distributed denial of service attack, with unencrypted emails sent to users appearing on the ACS:Law website. PI estimates the email archive has been downloaded “hundreds of thousands of times”.
When the data was leaked, it became clear that “vast amounts of information” on “thousands” of users were being stored by the firm, PI said.
PI cited the Data Protection Act, which does not allow sensitive data to be stored on a public-facing website. A spokesperson at ACS:Law had not returned calls at the time of writing.
According to reports, one email contained the personal details of 10,000 people accused of file sharing pornography. Details included names, home addresses and IP addresses. Credit card details may have been included too.
Alexander Hanff, a lawyer for PI, said: “This data breach is likely to result in significant harm to tens of thousands of people in the form of fraud, identity theft and severe emotional distress.”
He added: “This firm collected this information by spying on internet users, and now it has placed thousands of innocent people at risk.” PI has notified the Information Commissioner.
PI said there was “no evidence” to suggest ACS:Law’s web server had been compromised, but it added that the breach appeared to be down to “poor server administration” and a lack of security.