[LINK] Fwd: [PRIVACY] Privacy International (PI): PI aims to pursue UK law firm for data breach

Jan Whitaker jwhit at melbpc.org.au
Tue Sep 28 08:18:34 EST 2010

Note the purpose of the collection in the first place.

>Law firm that tracks internet users exposes confidential information
>Press Release
>For immediate release.
>Privacy International has announced that it is planning legal action 
>against a UK law firm for breaching the privacy of internet users 
>after a security breach.
>The information held by ACS:Law, a law firm that has been tracking 
>internet users to pursue legal action for breach of copyright, 
>includes vast amounts of information on thousands of internet users. 
>While the full extent of this breach is not yet known, one report 
>stated that among the stolen files is a single email containing the 
>personal information of approximately 10,000 people assumed to have 
>been involved in file-sharing of pornographic works, exposing their 
>names, addresses, postcodes, and Internet protocol addresses. Other 
>reports indicate that credit card details have also been made available.
>According to Alexander Hanff, PI Advisor: "This data breach is 
>likely to result in significant harm to tens of thousands of people 
>in the form of fraud, identity theft and severe emotional distress."
>"This firm collected this information by spying on internet users, 
>and now it has placed thousands of innocent people at risk."
>PI has briefed the Information Commissioner's Office and is 
>preparing a complaint. PI is also accepting complaints directly from 
>the public, and we urge anyone who is a victim of this breach to get 
>in touch as soon as possible by emailing alex at privacy.org.
>Breach of Security
>On the evening of Friday 24th September 2010, ACS:Law exposed its 
>email archive on its website, thereby disclosing confidential 
>information spanning almost three months across multiple email accounts.
>The breach occurred as ACS:Law were reportedly bringing their web 
>site back online after suffering a Distributed Denial of Services 
>(DDoS) attack by the group Anonymous. Whereas the attack prevented 
>the ACS:law web site from being accessed, there is no evidence to 
>suggest that the web server was compromised; it would seem that this 
>data breach was purely down to poor server administration and a lack 
>of suitable data protection and security technologies.
>The entire email archive was quickly uploaded to various file 
>sharing networks and has now been distributed widely. We estimate 
>that it has been now been downloaded hundreds of thousands of times.
>Breach of Law
>Privacy International has notified the Information Commissioner's 
>Office (ICO) of this breach of the Data Protection Act and we have 
>been assured that they are taking this case seriously.
>We urge ACS:Law to contact each and every person who is mentioned 
>throughout the email archive and disclose the breach to them so they 
>might take appropriate steps to secure their bank accounts and credit cards.
>This notification is essential so that individuals can also 
>determine whether or not they wish to take legal action against the firm.
>ACS:Law has breached the Data Protection Act by allowing a sensitive 
>archive of data to be stored on a public facing web server. The law 
>requires that:
>"Appropriate technical and organisational measures shall be taken 
>against unauthorised or unlawful processing of personal data and 
>against accidental loss or destruction of, or damage to, personal 
>data." Privacy International will continue to pass new information 
>to the ICO Enforcement Team as and when it becomes available.
>Email us at privacyint at privacy.org.
>Call on +44 (0)208.123.7933.

Melbourne, Victoria, Australia
jwhit at janwhitaker.com
blog: http://janwhitaker.com/jansblog/
business: http://www.janwhitaker.com

Our truest response to the irrationality of the world is to paint or 
sing or write, for only in such response do we find truth.
~Madeline L'Engle, writer

_ __________________ _

More information about the Link mailing list