Cyber-Pirates have placed British law firm ACS:Law in its crosshairs by posting the personal information of thousands of Sky broadband customers who it alleges have illegally shared pornographic movies online. BBC Technology Reporter, Daniel Emery, wrote that:
“[t]he documents appeared online after users of the message-board 4Chan attacked ACS:Law’s site in retaliation for its anti-piracy efforts. The firm has made a business out of sending thousands of letters to alleged net pirates, asking them to pay compensation of about £500 per infringement or face court. It uses third-party firms to scour the net looking for possible infringements of music and film copyright. Armed with IP (internet protocol) addresses – which can identify the internet connection used in any copyright infringement – its lawyers can then apply for a court order to get the physical address of the PC from the service provider whose network has allegedly been used for the file-sharing. A BBC investigation in August found a number of people saying they were wrongly accused by ACS:Law of illegal file-sharing. UK consumer group Which? says it has also received a number of complaints. Many contest that IP addresses can be spoofed. ACS:Law is under investigation by the Solicitors Regulation Authority over its role in sending letters to alleged pirates. The leak contains around 1,000 confidential e-mails, along with the list, which was an attachment on one of the messages. The collection was then uploaded to file sharing website, The Pirate Bay, where it is being shared by hundreds of users. The confidential e-mails include personal correspondence between Andrew Crossley – who runs ACS:Law – and work colleagues, as well as lists of potential file-sharers and information on how much the firm has made through its anti-file-sharing activities. While some of the e-mails, detailing the internal workings of the company, may prove embarrassing, the leaking of an unencrypted document – that lists the personal details of more than 5,300 Sky Broadband subscribers alongside a list of adult videos they may have downloaded and shared online – could be a breach of the Data Protection Act.”
This data breach highlights how law firms should be more diligent in how they secure client data and communications. At the very least, ACS:Law should have encrypted their client files to ensure a minimum level of care would be maintained. 4Chan is a website that any knowing business/law firm would want to avoid being “highlighted” on, and ACS:law is learning this the hard way. Thus, the importance of incorporating a data governance strategy into a business’s Enterprise Risk Management Strategy should be as essential as employment practices.