BULLYING LAW FIRM ACS:Law could be receiving a few threatening letters of its own after its security breach at the hands of Internet vigilante group 4Chan.
The fallout from the distributed denial of service (DDoS) attack against ACS:Law's website has gone far beyond just punting the firm's website offline. After the attack, the website came back online with a 350MB file containing emails and a list of over 5,000 Sky Broadband customers that the firm has claimed illegally downloaded pornography.
It is this file that looks to have placed ACS:Law in trouble with the Information Commissioner's Office (ICO). The regulatory body primarily deals with the Data Protection Act, though it also concerns itself with various other privacy and information laws, and earlier this year was given the power to investigate and issue fines of up to £500,000 for such a breach of the Data Protection Act.
In a statement the ICO said, "The ICO takes all breaches of the Data Protection Act very seriously. Any organisation processing personal data must ensure that it is kept safe and secure. This is an important principle of the Act. The ICO will be contacting ACS:Law to establish further facts of the case and to identify what action, if any, needs to be taken."
The press officer told The INQUIRER that it was in discussions with ACS:Law and considering what action, if any, would be taken against the firm.
4Chan's actions might have been judged as immature by some, however the data breach could pose a far bigger problem for ACS:Law than having its website knocked offline. The law firm's actions have been repeatedly condemned, even by some of those whom it supposedly tries to help.
ACS:Law had been blanket bombing Internet users armed with little more than an IP address accusing them of illegally sharing files. In some of the emails that had been leaked through the 350MB backup file, ACS:Law's master of ceremonies Andrew Crossley had all but admitted that he was simply scaring people into giving him cash.
Independent consumer group Which? found that ACS:Law had sent threatening letters to innocent people, while the British Phonographic Industry, an outfit one would think is a staunch supporter of ACS:Law, said that it would not be adopting similar tactics.
At this time ACS:Law's website is still offline and one can't help but wonder what other files might appear when it does come back up. µ
Plus, it's goodbye to Device Assist
Vulnerabilities in the iOS sandbox thankfully found by the good guys
Data watchdog will make sure firm is being fully transparent about the controversial move
Chinese firm reportedly forces staff to do 82 hours of overtime a month