Showing results for 
Search instead for 
Did you mean: 

ACS:Law - recent incident

Posts: 5,560
Thanks: 2
Registered: ‎05-04-2007

ACS:Law - recent incident

On 25th September the law firm 'ACS:Law' were subject to an incident that left a large amount of confidential information visible to the public. This data included a significant amount of the law firm's corporate emails which were then copied and made widely available across the Internet.
Prior to the incident occurring, ACS:Law had sought and obtained court orders requiring us to disclose to the firm the names and addresses of a number of our customers whom they believed to have engaged in unlawful uploading of copyright material over the Internet. These allegations were those of the Copyright holder/ACS:Law and are not made by Plusnet.
Plusnet takes the security of our customers' data very seriously indeed, and we are very concerned that information we were legally obliged to share in confidence with a third party has been made public on the Internet.
update: earlier today
Quote from: Richard
Our first concern is with our customers but we have been obliged to respond to court orders requiring that we disclose customer data. However, there is increasing evidence that there are deep concerns regarding the integrity of the process being used by rights holders to obtain customer data from ISPs for pursuing alleged copyright infringements. We need to have further confidence that the initial information gathered by rights holders is robust and that our customers will not be treated unfairly. We are urgently exploring how this can be assured, including through the assistance of the courts.
I also wanted to respond to the question on did we send out customer details in unencrypted files?
It has no bearing on this issue but we would like to apologise for this break in our process – we have contacted all of our affected customers and are working with them closely to protect them as much as possible from further exposure. We are investigating how this happened as we have robust systems for managing our data and we have already ensured this will not happen again.

further update: tonight
Quote from: Richard
Due to serious concerns about the integrity of the processes used to obtain and store private customer information we are suspending with immediate effect the supply of any further customer data to ACS:Law until we are satisfied that weaknesses in these procedures have been addressed.


further update: 29/09/10
Quote from: Fletch
Firstly, we would like to apologise again to customers affected by the leak of data from ACS Law.  We can confirm that we did send unencrypted data to ACS Law. However, this was not the cause of the leak. At a later date, due to a cyber-attack on the systems of the law firm, data that it held was leaked. We are extremely angry with ACS Law for allowing this to happen.

We would like to re-iterate that we have contacted all the affected customers via email.  However, if you haven’t received an email from us and you have previously received a letter from ACS Law in relation to Plusnet, then please raise a ticket via our Help Assistant .

As a result of the incident at ACS Law, Plusnet will be providing all affected customers with an Identity Protection Service, including internet security software, free of charge for the next 12 months.  We will contact customers directly regarding this over the coming days.
We are investigating how we came to be sending unencrypted data as we have robust systems for managing data. We have already ensured that this type of incident will not happen again, launched an internal enquiry and we have alerted the Information Commissioner's Office (ICO). We will work with the ICO to clarify our position.
As we stated yesterday we are no longer co-operating with ACS Law over the provision of information and can confirm that we are reviewing our position in relation to these requests in general. Due to serious concerns about the integrity of the process that is being used by rights holders, we will resist efforts to share more customer details with them and those acting on their behalf until we can be sure that alleged copyright infringements have some basis and customers are treated fairly.

There is an FAQ with further detail here and a discussion thread ongoing here
edit:added update from 29/09
Posts: 29,464
Thanks: 6,619
Fixes: 1,482
Registered: ‎11-01-2008

Re: ACS:Law - recent incident

Discussion regarding this announcement can be found here
Customer / Moderator
If it helped click the thumb
If it fixed it click 'This fixed my problem'