A lawyer who sent 'bullying' letters to Brits accused of illegal filesharing has been fined just £1,000 by the Information Commissioner for a data breach after claiming he cannot afford the full £20,000 penalty.
Andrew Crossley, who headed up legal firm ACS:Law, sent thousands of letters to Brits whose IP addresses were used to illegally download files from the web. The letters ordered recipients to either pay compensation or face legal action.
In retaliation for the letters, online 'hacktivists' Anonymous carried out a denial-of-service attack on the ACS:Law website last year. However, a flaw in the website resulted in the personal details of 6,000 Sky and BT customers thought to have illegally downloaded files, along with the names of the porn films they were thought to have obtained illegally, being leaked online.
"Sensitive personal details relating to thousands of people were made available for download to a worldwide audience and will have caused them embarrassment and considerable distress," said Information Commissioner Christopher Graham.
"The security measures ACS Law had in place were barely fit for purpose in a person's home environment, let alone a business handling such sensitive details."
"Were it not for the fact that ACS Law has ceased trading so that Mr Crossley now has limited means, a monetary penalty of £200,000 would have been imposed, given the severity of the breach," Graham said.
"Penalties are a tool for achieving compliance with the law and, as set out in our criteria, we take people's circumstances and their ability to pay into account."
The ICO also told PC Pro that the fine could be reduced even further to just £800 if Crossley pays on time.