Sharing copyrighted files is illegal

Andrew Crossley, the former owner of ACS:Law Solicitors, has been fined £1,000 by the Information Commissioner’s Office (ICO).

Andrew Crossley received the fine after the information watchdog found him guilty of failing to keep the sensitive, personal information of thousands of broadband users secure.

In September last year, the ACS:Law website was hit with a distributed denial of service attack (DDOS). The unencrypted details of approximately 6,000 broadband users, who were alleged to be involved in illegally sharing pornography, were posted online.

These included ISP account details, names and addresses, and IP addresses. It also included some credit card details, as well as references to their sex life, health and financial status, the ICO said.

For more information read the Which? guide – what you need to know about file sharing

When the ICO investigated the breach, days after the DDOS attack, it said it found serious flaws in ACS:Law’s IT security system, which did not include basic elements such as a firewall and access control. At the time, it was widely believed that the data breach would lead to a £200,000 fine.

Handing down the fine Christopher Graham, the information commissioner, said: ‘The security measures ACS:Law had in place were barely fit for purpose in a person’s home environment, let alone a business handling such sensitive details.

‘[However] As Mr Crossley was a sole trader it falls on the individual to pay the fine. Were it not for the fact that ACS:Law has ceased trading so that Mr Crossley now has limited means, a monetary penalty of £200,000 would have been imposed, given the severity of the breach.’

He added: ‘Penalties are a tool for achieving compliance with the law and, as set out in our criteria, we take people’s circumstances and their ability to pay into account.’

ACS:Law ceased trading at the end of January.

Keep up date with the latest computing developments by taking out a trial to Which? Computing magazine