As a result, U.K. and U.S.-based watchdog group, Privacy International (PI) is preparing to take action against ACS:Law claiming its efforts to mount a breach of copyright campaign against users accused of illegally sharing porn content exposed vital information.
The glitch — said to be the result of poor server administration and lack of security — made the names, addresses, postal codes, IP addresses and even credit card information of more than 10,000 users available for download that reports said is estimated to be in the “hundreds of thousands.”
PI cited the Data Protection Act, which prohibits sensitive data from being stored on a public website and said that unencrypted emails were stolen from the ACS:Law website on Friday evening while the systems were being subjected to a string of distributed denial-of-service (DDoS) attacks by the online pirate collective Anonymous.
The Anonymous campaign began last Tuesday when the group responded to attacks by anti-piracy groups on the file-sharing website The Pirate Bay. The collective then launched its own salvo against a variety of firms and organizations associated with the war on online copyright infringement.
The initial targets were the Motion Picture Association of America (MPAA) and Recording Industry Association of America (RIAA) websites as well as British law firms ACS:Law and Davenport Lyons.
Reports said that Anonymous renewed its attack on ACS:Law on Friday after the company's top lawyer, Andrew Crossley, was quoted as saying he was less concerned about the first attack than he was about his train turning up late or having wait in line for coffee.
When ACS:Law restored its website following this second assault, it inadvertently exposed a backup of its emails and according to PI, Anonymous then made three months of email work available through The Pirate Bay.
"This data breach is likely to result in significant harm to tens of thousands of people in the form of fraud, identity theft and severe emotional distress," PI advisor Alexander Hanff said.
He added, "This firm collected this information by spying on Internet users and now it has placed thousands of innocent people at risk."
It has been speculated that PI has been gunning for ACS:Law because the law firm is being investigated by the U.K.'s Solicitors Regulation Authority for its letter writing campaigns that demand money in exchange for not taking the recipient to court for their alleged copyright infringements.
But PI’s Hanff denied that the privacy group's outrage was related and said, "There's no bias here at all.”