Andrew Crossley, the solicitor at the centre of a storm over attempts to threaten filesharers with compensation costs, has been fined by the Information Commissioner over lax IT security.
Crossley was fined £1,000, evading a £200,000 penalty that would have been imposed had his company – ACS Law – not gone out of business.
ACS Law had been tracking alleged infringers of music, video and adult content copyrights. Last September, ACS Law’s website was subjected to an attack. Shortly afterwards a file containing emails from the firm appeared on a website which allowed anyone access to around 6,000 people’s sensitive personal information.
The data included individuals’ internet service provider account details, their names and home addresses, their IP addresses and information about the content they were alleged to have illegally copied. Some of the emails also included people’s credit card details, as well as references to their sex life, health and financial status.
As owner and data controller of ACS Law, Crossley had failed to keep sensitive personal information relating to around 6,000 people secure, the Information Commissioner ruled.
ACS Law had not sought professional advice when setting up its IT system which had no firewall or access control, the Information Commissioner found. In addition ACS Law’s web-hosting package was only intended for domestic use.
“Sensitive personal details relating to thousands of people were made available for download to a worldwide audience and will have caused them embarrassment and considerable distress,” said Information Commissioner Christopher Graham. “The security measures ACS Law had in place were barely fit for purpose in a person’s home environment, let alone a business handling such sensitive details.”
Graham added: “Were it not for the fact that ACS Law has ceased trading so that Mr Crossley now has limited means, a monetary penalty of £200,000 would have been imposed, given the severity of the breach.”
Last month a judge said Crossley may also have to pay out legal costs after his filesharing cases failed in court.
Find your next job with computerworld UK jobs