ACS lawyer dodges £200,000 ICO fine
ACS:Law's Andrew Crossley gets a £1,000 fine, claiming he is too poor to pay a £200,000 penalty the ICO would have hit him with.
The owner of now-defunct solicitors firm ACS:Law has been fined 1,000 for not keeping personal data secure from hackers.
The Information Commissioner's Office (ICO) said today it would have slapped Andrew Crossley with a 200,000 fine if he had the money to pay up.
"Were it not for the fact that ACS:Law has ceased trading so that Mr Crossley now has limited means, a monetary penalty of 200,000 would have been imposed, given the severity of the breach," said information commissioner Christopher Graham.
Crossley's firm courted controversy when it sent letters to people it believed had infringed copyright, saying they needed to pay a fine for illegally downloading material or end up in court.
All cases were dropped against 27 people who took ACS:Law up on its court challenge. The firm has now folded, but sole trader Crossley could have to pay out legal costs to the alleged file sharers.
The ICO fine came as a result of poor data protection practices at ACS:Law, which was targeted by hacktivism group Anonymous leading to personal data being published on the internet.
A file containing emails between ACS:Law staff, as well as messages to and from ISPs or members of the public was placed online, affecting around 6,000 people in total.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
The stolen data included ISP account details, names and addresses, as well as credit card details and references to the sex lives of those affected.
The ICO discovered ACS:Law did not even have rudimentary protections like a firewall or access control. Furthermore, the company's web hosting package was only intended for domestic use.
"This case proves that a company's failure to keep information secure can have disastrous consequences," Graham added.
"The security measures ACS:Law had in place were barely fit for purpose in a person's home environment, let alone a business handling such sensitive details."
In recent months, the ICO has been criticised for not issuing fines more regularly. A freedom of information (FoI) request put forward by encryption firm ViaSat showed the ICO had fined less than one per cent of organisations it investigated since it gained additional fining powers in April 2010.
The ICO did not say whether it had looked into the state of Crossley's finances.
The aforementioned leaked emails indicated Crossley was considering buying a Ferrari, having been the proud owner of a Bentley already.
Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.
He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.