Yesterday it emerged that the personal details, including full names and home addresses, of more than 5,000 Sky broadband customers had been posted online. The BBC's Daniel Emery reports that this list was compiled by law firm ACS:Law and also contains details about pornographic content the broadband users are accused of pirating. The list appeared online after 4Chan took down ACS:Law's website as part of its recent "Operation Payback is a Bitch" DDoS attacks.
Earlier this month, 4Chan targeted several organizations dedicated to putting an end to piracy. Though ACS:Law was among those hit with DDoS attacks orchestrated by 4Chan users -- TorrentFreak reports that the London-based law firm has been making money working to identify filesharers and recoup settlement money for copyright holders -- the head of ACS:Law, Andrew Crossley, was unperturbed by the DDoS attack and had no qualms about telling that to the media.
"It was only down for a few hours," Crossley told the Register. "I have far more concern over the fact of my train turning up 10 minutes late or having to queue for a coffee than them wasting my time with this sort of rubbish."
4Chan didn't take kindly to the fact that Mr. Crossley was so unaffected by their attempts to cause him some distress and late last week, a leak was posted to the Pirate Bay containing 1,000 confidential ACS:Law e-mails, along with the unencrypted list of Sky broadband users. Mr. Cossley told the BBC his firm had been "subject to a criminal attack to its systems" and that he had informed the police.
While having your name and home address included on a list of pirates supposedly in the business of sharing pornography is bad enough, it's probably worse if you're not even pirating pornography to begin with. An August investigation by the BBC discovered that many people on the receiving end of settlement demands from ACS:Law claimed they were wrongly accused of filesharing by the firm,. What's more, a UK consumer Watchdog said they had received a number of complaints from people saying the same thing.
Daniel Emery writes that though Mr. Cossley refused to comment on the leaked internal emails, he did confirm that those on the list might not have pirated any content.
"All our evidence does is identify an internet connection that has been utilized to share copyright work," he told BBC. "In relation to the individual names, these are just the names and addresses of the account owner and we make no claims that they themselves were sharing the files," he explained.
Early this morning, the Information Commissioner confirmed that it was investigating the matter.
"The question we will be asking is how secure was this information and how it was so easily accessed from outside," said Christopher Graham. "We'll be asking about the adequacy of encryption, the firewall, the training of staff and why that information was so public facing."
Graham said that his position as ICO allows him to impose a fine of up to half a million pounds (just under $790,000) if a company is found to have breached the Data Protection Act.