September 30, 2010, 10:38 AM — BT has been embroiled in the incident that saw the names of 5,300 Sky customers acussed of illegally downloading porn films, leaked on the web following an attack on the website of legal firm ACS:Law.
The telecommunications company has revealed it sent an unsecured Excel document containing details of 500 BT and PlusNet users, also thought to have taken part in illegal file-sharing, to ACS:Law.
The data was sent by Prakash Mistry, a lawyer working for BT, to Andrew Crossley of ACS:Law, and may have breeched the Data Protection Act possibly resulting in a fine.
The Data Protection Act requires customers details to be kept secure and while BT asked ACS:Law to keep the data secure, it did not encrypt the information before it was sent.
"I can confirm that this did happen," a moderator called 'NigelE' said on PlusNet's forums.
"We are investigating how this occurred as we have robust systems for managing data. We have already ensured that this will not happen again."
The moderator also said the firms do not believe any customers details have been compromised by the attack on ACS:Law's website.
PlusNet told the BBC it is working with the customers whose details were contained within the document "to protect them as much as possible from further exposure" and will offer them "an identity protection service including internet security software free of charge for the next 12 months".
"Due to serious concerns about the integrity of the process that is being used by rights holders, we will resist efforts to share more customer details with rights holders and those acting on their behalf until we can be sure that alleged copyright infringements have some basis and customers are treated fairly," PlusNet added.
The Information Commissioner's Office (ICO) has been alerted to the incident. The ICO said it will include the two ISP's in its current investigation into the ACS:Law data leak.
However, Simon Davies from Privacy International revealed BT appears to be in contempt of a high court order. On July 7, the telecommunications company was ordered by Chief Master Winegarten, to hand over the data on suspected illegal downloaders.