Thousands of Sky Broadband customers that are accused of illegally downloading files from the web have had their details posted online.
The personal details of 5,300 Sky customers, along with the names of the porn films they were thought to have obtained illegally, were being held by ACS:Law, one of a number of solicitors responsible for sending out around 50,000 letters to web users earlier this year, claiming the recipient had illegally shared files.
The letters demanded the recipients pay a £500 fine and sign a legal undertaking agreeing not to illegally file-share in the future.
It is thought the leak was the result of a DDoS attack on ACS:Law’s website by message board 4chan, due to the firm’s party in tracking illegal downloaders.
"We were the subject of a criminal attack to our systems. The business has and remains intact and is continuing to trade,” said Andrew Crossley from the legal firm.
The Information Commissioner's Office (ICO) has revealed it will be investigating the leak and ACS:Law could be fined as a result.
"The question we will be asking is how secure was this information and how it was so easily accessed from outside. We'll be asking about the adequacy of encryption, the firewall, the training of staff and why that information was so public facing," said the Information Commissioner Christopher Graham.
"The Information Commissioner has significant power to take action and I can levy fine of up to half a million pounds on companies that flout the [Data Protection Act]."
Privacy International reported ACS:Law to the ICO.
“This data breach is likely to result in significant harm to tens of thousands of people in the form of fraud, identity theft and severe emotional distress," said Alexander Hanff from Privacy International.
Web users that have received letters from the law firm, along with those that paid the fines, are being warned to be on their guard for unsolicited calls or unusual transactions on their credit cards in case their details have fallen into the hands of cybercriminals.