Is ACS:Law offline permanently?

[p2p rules]

ACS:Law, the UK extortion firm taken down by angry online citizens, is still offline, leading to speculation that it’s gone forever.

But it’s not forgotten and now it has something new to contend with: Privacy International today said it’s planning legal action against ACS:Law for breaching the privacy of internet users after a security breach.

PI’s Alex Hanff says he’s also accepting complaints directly from the public. Email him here alex @ privacy dot org.

“The information held by ACS:Law, a law firm that has been tracking internet users to pursue legal action for breach of copyright, includes vast amounts of information on thousands of internet users”, it says . “While the full extent of this breach is not yet known, one report stated that among the stolen files is a single email containing the personal information of approximately 10,000 people assumed to have been involved in file-sharing of pornographic works, exposing their names, addresses, postcodes, and Internet protocol addresses. Other reports indicate that credit card details have also been made available.”

“On the evening of Friday 24th September 2010, ACS:Law exposed its email archive on its website, thereby disclosing confidential information spanning almost three months across multiple email accounts”, says Privacy International, going on >>>

The breach occurred as ACS:Law were reportedly bringing their web site back online after suffering a Distributed Denial of Services (DDoS) attack by the group Anonymous. Whereas the attack prevented the ACS:law web site from being accessed, there is no evidence to suggest that the web server was compromised; it would seem that this data breach was purely down to poor server administration and a lack of suitable data protection and security technologies.

The entire email archive was quickly uploaded to various file sharing networks and has now been distributed widely. We estimate that it has been now been downloaded hundreds of thousands of times.

Privacy International has notified the Information Commissioner’s Office (ICO) of this breach of the Data Protection Act and we have been assured that they are taking this case seriously.

We urge ACS:Law to contact each and every person who is mentioned throughout the email archive and disclose the breach to them so they might take appropriate steps to secure their bank accounts and credit cards.

This notification is essential so that individuals can also determine whether or not they wish to take legal action against the firm.

ACS:Law has breached the Data Protection Act by allowing a sensitive archive of data to be stored on a public facing web server, says PI, adding:

“The law requires that: ‘Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data’.”

p2pnet