Ex-ACS:Law head must pay up after public email leak

Copyright-focused law firm ACS:Law became a staple in headlines for the better part of a year, but not for any altruistic endeavor or exemplary business performance. Quite the opposite, actually. And despite the fact ACS: Law is effectively dead, it continues to make news.

The firm’s former leader Andrew Crossley was ordered today by the UK’s Information Commissioner’s Office to pay a small fine – £1,000 – for the massive September 2010 data breach (courtesy of Anonymous) that leaked ACS:Law’s entire email archive online for all to see.

What’s surprising is that the amount is a drop in the bucket compared to what Crossley was originally on the hook for.

Ex-ACS:Law head must pay up after public email leak

A statement by ICO chief Christopher Graham disclosed the original price attached to Crossley’s role in the data leak: £200,000.

Graham explained the decision to cut the fine in a press release (.pdf):

As Mr. Crossley was a sole trader it falls on the individual to pay the fine. Were it not for the fact that ACS Law has ceased trading so that Mr. Crossley now has limited means, a monetary penalty of £200,000 would have been imposed, given the severity of the breach. Penalties are a tool for achieving compliance with the law and, as set out in our criteria, we take people’s circumstances and their ability to pay into account.

ICO, which investigates internet-based security complaints and promotes public data privacy, was understandably invested in the case against Crossley.

ACS:Law accidentally published thousands of people’s email information and its own internal communications after an Anonymous DDoS attack disrupted the firm’s public website.

Graham criticized the firm’s security, or lack thereof. “The security measures ACS Law had in place were barely fit for purpose in a person’s home environment, let alone a business handling such sensitive details,” he said.

ICO also found that Crossley “did not seek professional advice when setting up and developing the IT system which did not include basic elements such as a firewall and access control.” Furthermore, the investigation found that Crossley “received no assurances from the web-host that information would be kept secure.”

In light of these details, some have questioned if such a drastic fine slashing was necessary.

TorrentFreak claims it has access to 2010 documents wherein Crossley tells a court that he owns a £750,000 home and collected upwards of £1.5 million from frivolous and/or faulty settlement letters.

The UK-based ACS:Law formerly drew legal flak for questionable copyright protection methods undertaken for companies such as Media Cat, which included sending legal notices to accused pirates requesting that they pay up to avoid prosecution. As it turned out, some of those alleged copyright thieves were innocent.

ACS: Law shut down in February.