Attacks On MPAA’s UK Law Firm Lead to Data Leaks, Lawsuit

A UK Law firm that has aggressively pursued cases against illegal file sharing on behalf of the Motion Picture Association of America (MPAA) and Recording Industry Association of America (RIAA) now finds itself in the cross hairs of both hackers and and privacy activists. 

A UK Law firm that has aggressively pursued cases against illegal file sharing on behalf of the Motion Picture Association of America (MPAA) and Recording Industry Association of America (RIAA) now finds itself in the cross hairs of both hackers and and privacy activists. 

The firm was the subject of distributed denial of service attacks orchestrated by the online prank group 4chan last week – part of a larger action against the Web sites of the MPAA, RIAA and an anti-piracy technology company, according to a report by torrentfreak.com. That attack prompted a feisty response in published reports from Andrew Crossley, a principal at the firm, after the firm was able to restore its Web site. That response, in turn, led to further attacks and the publication, over the weekend, of what appear to be personal and company e-mails from ACS. Those e-mail expose embarrassing personal correspondence, as well as personal details on UK residents who ACS was pursuing for illegal download activities and what appear to be disturbing insights into ACS’s pursuit of them on behalf of clients like the MPAA.

Crossley did not immediately respond to a request for comment. 

Torrents of the e-mail archives and stolen fax messages were published on the Pirate Bay, a file sharing hub, and on the Web. Due to heavy traffic, Threatpost.com was not able to view the files to confirm their authenticity. According to published reports, however, they include both Crossley’s personal e-mail and those of the firm and individual employees. The amount of e-mail stolen ranges from a month to several months. 

On Monday, the privacy rights group Privacy International said it notified the UK’s Information
Commissioner’s Office (ICO) of a breach of the Data Protection Act . The group said ACS violated UK laws by allowing a sensitive archive of data to be stored on a public facing web server and urged ACS to contact those whose names appear in the stolen e-mail trove to make them aware of the data leak. 

ACS Law first came to prominence in late 2009, when it sent out 30,000 letters to UK residents suspected of illegally trading in pirated movies online. The company had faced scrutiny since then for what some considered aggressive methods to identify and pursue individuals suspected of file sharing, often with the goal of exacting payment of fines from them. 

Suggested articles

45 Million Medical Images Left Exposed Online

45 Million Medical Images Left Exposed Online

A six-month investigation by CybelAngel discovered unsecured sensitive patient data available for third parties to access for blackmail, fraud or other nefarious purposes.