The governments Information Commissioner's Office (ICO) has handed down a measly fine of £1,000 to the boss of defunct solicitors firm ACS:Law UK - 'Andrew Jonathan Crossley' - after a failed attempt to recover their website last year resulted in thousands of private customer records from several major broadband ISPs ( e.g. Sky Broadband and PlusNet ) being leaked (original news) online.ACS:Law made its living by "bullying" customers of UK ISPs, specifically those whom they "suspected" of being involved with "illegal" internet copyright infringement via public P2P (BitTorrent) file sharing networks, into paying hefty fines.
However, the firms harsh methods ultimately lead to its website being hit by a Distributed Denial-of-Service (DDoS) attack, which was conducted by the now infamous group called 'Anonymous'. Sadly an attempt to restore the website resulted in a backup of Crossley's private emails being uploaded by mistake. It was soon leaked.
Privacy International (PI) promptly issued a complaint about this to the ICO and warned that the data breach was "likely to result in significant harm to tens of thousands of people in the form of fraud, identity theft and severe emotional distress" (Full PI Report).
The ICO's subsequent investigation claims to have found serious flaws in ACS:Law's IT security system and blames Crossley for failing to "seek professional advice" and only using a cheap and inadequate web-hosting package that was "intended for domestic use".
Information Commissioner, Christopher Graham, said:
"This case proves that a company’s failure to keep information secure can have disastrous consequences. Sensitive personal details relating to thousands of people were made available for download to a worldwide audience and will have caused them embarrassment and considerable distress.
The security measures ACS Law had in place were barely fit for purpose in a person’s home environment, let alone a business handling such sensitive details.
As Mr Crossley was a sole trader it falls on the individual to pay the fine. Were it not for the fact that ACS Law has ceased trading so that Mr Crossley now has limited means, a monetary penalty of £200,000 would have been imposed, given the severity of the breach. Penalties are a tool for achieving compliance with the law and, as set out in our criteria, we take people’s circumstances and their ability to pay into account."
"This case proves that a company’s failure to keep information secure can have disastrous consequences. Sensitive personal details relating to thousands of people were made available for download to a worldwide audience and will have caused them embarrassment and considerable distress.
The security measures ACS Law had in place were barely fit for purpose in a person’s home environment, let alone a business handling such sensitive details.
As Mr Crossley was a sole trader it falls on the individual to pay the fine. Were it not for the fact that ACS Law has ceased trading so that Mr Crossley now has limited means, a monetary penalty of £200,000 would have been imposed, given the severity of the breach. Penalties are a tool for achieving compliance with the law and, as set out in our criteria, we take people’s circumstances and their ability to pay into account."
ACS:Law officially "ceased trading" at the end of January 2011 and many people believe that this was little more than a crafty attempt to avoid suffering the financial backlash from its failed court case against 27 broadband ISP customers. The judge in that case was clearly less than pleased and is now allowing a claim for £90,000 in wasted costs against Crossley to proceed (here).
Crossley is understood to have issued a sworn statement to the ICO that allegedly reflects his currently weak financial situation and thus an inability to pay a hefty fine. Amazingly the already tiny £1,000 fine will be reduced to £800 if Crossley pays on time.
Meanwhile at least 6,000 people have had their ISP account details, their names and addresses, their IP addresses, credit card details, sexual preferences, health details, financial status and information about the content they were alleged to have illegally copied strewn across the internet.
Tweet
Comments: 3
VPosted: 11 May, 2011 - 11:18 AM
Link to comment
Complain to the ICO people! i just sent them a shitty email, its a start!
Dont bother with the complaint form, just fling them a turd.
ICO have been a waste of space dealing with this whole mess.
dragoneastPosted: 11 May, 2011 - 8:10 PM
Link to comment
Memo to the ICO: the biggest rogue trader scam is to ignore the law and fold your business when caught out and before the bueaucratic enforcement agencies catch up with you. It's not hard and ICO have just made it a great deal easier. Plead poverty and we'll let you off (after all plenty of big businesses, like banks, post losses). And now usefully, he'll argue that in any further proceeedings he can't be punished for having IT security not fit for a domestic environment, because that would be double jeopardy, and he's already been "punished". Well done, you've not just made a mockery of yourselves, but perhaps you've screwed up future proceedings too!!
Generated in 0.30927 seconds.
DB queries: 8
Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved (Terms, Privacy Policy, Links (.), Live Chat & Website Rules).