By: MarkJ - 27 September, 2010 (10:53 AM) - Score: 17375 - Security, Privacy, Piracy
Controversial solicitors firm ACS:Law UK (Andrew Crossley), which last week had all of its dirty email communication laundry leaked across the internet (here), is now facing more problems after Privacy International (PI) announced that it would take legal action against the firm's breach of sensitive personal details.

The emails were reportedly revealed on the evening of Friday 24th September 2010, as part of an unencrypted backup file, after ACS:Law allegedly attempted to restore their website following an extensive Distributed Denial-of-Service (DDoS) attack last week. This exposed an archive of messages containing confidential information that spanned almost three months across several accounts.

The communications of the law firm, which had been involved with tracking UK internet users to pursue legal action for breaches of copyright (piracy), included information for thousands of broadband ISP customers. Some reports claim that the details of 10,000 people have been exposed, including their names, addresses, postcodes, Internet Protocol (IP) addresses, what files they allegedly shared over P2P and in some cases even credit card details.

According to Alexander Hanff, PI Advisor:

"This data breach is likely to result in significant harm to tens of thousands of people in the form of fraud, identity theft and severe emotional distress. This firm collected this information by spying on internet users, and now it has placed thousands of innocent people at risk."

Privacy International, a human rights group formed in 1990 as a watchdog on surveillance and privacy invasions by governments and corporations, has briefed the Information Commissioner's Office (ICO) and is preparing a complaint. Anybody who has become a victim of this breach is being urged to contact alex@privacy.org.

PI claims that there is no evidence to suggest that the web server of ACS:Law itself was compromised by hackers (DDoS is an attack designed to take down a website, not a hack). It would seem that this data breach was purely down to poor server administration and a lack of suitable data protection and security technologies.

The Data Protection Act requires that:

"Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data."

The group has also urged ACS:Law to contact each and every person who is mentioned throughout the email archive and disclose the breach to them so they might take appropriate steps to secure their bank accounts and credit cards. This notification is essential so that individuals can also determine whether or not they wish to take legal action against the firm.

UPDATE 28th September 2010

We have updated our coverage in the original article too.

Private UK Illegal ISP File Sharing Details Leak from ACS Law After DDoS Attack

UPDATE 29th September 2010

A spokesperson for the Information Commissioner’s Office (ICO) said:

"The ICO takes all breaches of the Data Protection Act very seriously. Any organisation processing personal data must ensure that it is kept safe and secure. This is an important principle of the Act. The ICO will be contacting ACS:Law to establish further facts of the case and to identify what action, if any, needs to be taken."


Comments: 16

fred
Posted: 27 September, 2010 - 12:04 PM

Serves the w.anker.s right!

Jessi Slaughter
Posted: 27 September, 2010 - 12:20 PM

Hey Andrew,

"Big Whoop!"

Looks like your extortion days are somewhat numbered. Good job you didn't put down a deposit for that lambo/ferrari, ay?

Love
xxx

STEVIE B
Posted: 27 September, 2010 - 12:54 PM

That has just made my day!!!

Where do I find out about this leaked information and what was on it??

Cheers

Anon
Posted: 27 September, 2010 - 1:08 PM

If my data was there I would sue them for a lot of money that's for sure.

MarkJ
Posted: 27 September, 2010 - 2:00 PM

I think this could be quite a difficult case for PI to tackle, especially given the circumstances. A court may well give ACS:Law some benefit of the doubt, given the pressure they had been placed under as a result of the DDoS. PI must also be able to prove that ACS:Law were deliberately negligent, which is easier said than done.

The fact that the DDoS group involved seems to credit the release of this file to such a circumstance actually works against its credibility (i.e. they attacked ACS:Law and somehow also got the backup, which others did not see.. hmm). Of course ACS:Law itself has yet to contest this account of events so who knows.

frank
Posted: 27 September, 2010 - 2:15 PM

@stevie
http://thepiratebay.org/search/ACS-Law/0/99/0

Legolash2o
Posted: 27 September, 2010 - 2:27 PM

I don't think it would be wise to send links to where to get the data, it's people's personal information after all.

Anonymouse
Posted: 27 September, 2010 - 3:13 PM

MarkJ

Upon ACS Law bringing their site back online after being taken off due to the DDOS attacks the backup file was accessible on the site.

There was no hacking involved at all just negligence.

Leaked emails
Posted: 27 September, 2010 - 11:54 PM

For those asking where they can find the emails I suggest taking a look at http://acslaw.blogspot.com which has loads of mirrors up to the emails. If you want to know what's in them then check out the news posted there and on slyck.com and torrentfreak.com. Literally everything has been revealed about this scam. From how much they were making to how Andrew Crossley treated his ex wife. No joke!

Max Pearson
Posted: 28 September, 2010 - 2:14 AM

It's amazing how little this 'law firm' cared about the law! In one case a claimant flagged up clear problems with the technology and so they dropped the action quickly....

They openly admit in their business plan that they rely on bullying people into settling with strongly worded letters - but the technology probably wouldn't stand up in court.

This is blackmail, plain and simple.... they belong in jail.

timeless
Posted: 28 September, 2010 - 3:09 AM

Being a webmaster myself I don't think ACS:Law should be given any benefit of the doubt, putting backups on a web accessible part of the server is completely stupid and I call that negligence as any good webmaster wouldn't be that stupid.

However the fact that credit card information was emailed is beyond negligence, it should never have been emailed in the first place. The whole situation disregarded users' personal details and opened them up to all sorts of exploits, and considering the information has made it to the internet now I can see many users having their banks cleared out due to ACS's complete disregard for those they were trying to litigate, all they cared about was money, they didn't care how they got it as this was a get rich quick scheme pure and simple.

Cabbage
Posted: 28 September, 2010 - 8:11 AM

The same story on the BBC website suggests that the list of customers also had a list of adult content movies that they had been sharing. So, they've also gone to embarrass customers into paying, most likely with the threat that friends and family will find out allegedly what these people have been sharing.

They give 'ambulance chasers' a bad name!

bifter
Posted: 28 September, 2010 - 9:57 AM

ACS:Law are history! There is a copy of the email archive on the newsgroups along with a copy of Thunderbird portable so you can easily browse the structure from a pen drive. Easy to find!

It doesn't matter if the leak was caused by their hosting company or under the duress of the DoS attack, there are unencrypted Excel files being sent between employees, including Crossley himself, containing the details of thousands of Sky subscribers. This in itself is a huge breach of the DPA.

How do you like it up you, Andrew? Live by the sword, die by the sword.

nostradamus
Posted: 29 September, 2010 - 5:20 AM

My predictions for the future of Andrew Crossley:

(a) The forthcoming Class actions will bankrupt him.

(b) The SRA will terminate his license to practice.

(c) He may even spend time in prison - all it will take is a sensible Judge who can see the threat-and-extortion scam he's been perpetrating for what it really is.

Rab
Posted: 2 October, 2010 - 1:06 PM

Blackmailers deserve to be exposed for what they are. Total Bullies trying to use legalese to "scam" innocent people into paying for their immoral attitude to life. God Help Them. Do Not give in to their demands.



Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved.