A list of more than 5,300 users of UK ISP Sky broadband were posted on the internet, with details of their names, addresses and the titles of pornographic films they were accused of illegally sharing.
The list was compiled by ACS: Law solicitors, who specialise in tracing people suspected of media piracy.
ACS: Law’s website experienced denial of service attacks by users of message board 4chan, who are opposed to its anti-piracy aims. The list appeared online after this attack.
The UK Information Commissioner said it would investigate the leak in order to see how the information was allowed to be made public.
“Any organisation processing personal data must ensure that it is kept safe and secure,” a spokesperson for the Information Commissioner said.
The Information Commissioner later told the BBC that the firm could be fined £500,000 for the leak of information.
The firm sends thousands of letters to alleged internet pirates, asking them to pay £500 per infringement or face court.
It uses third-party companies to search online for possible infringements of film and music copyright.
Once it has IP address of those who may have infringed copyright, its lawyers apply for a court order to get the physical address of the PC from the service provider whose network has been accused of file sharing.
It has been criticised in the past over claims that it has wrongly accused people of infringing copyright. Many also point out that IP addresses can be spoofed.
This leak contains about 1,000 confidential emails, including personal correspondence. One of the messages had the unencrypted list attached to it.
It was uploaded to the illegal file-sharing site The Pirate Bay, where hundred of users are accessing it.
The unencrypted document could be seen as a breach of the Data Protection Act, however Andrew Crossley of ACS: Law says there are “legal issues” around the leak.
“We were the subject of a criminal attack to our systems. The business has and remains intact and is continuing to trade,” he said to the BBC.
ACS: Law was one of the numerous entertainment-industry affiliated companies to receive such attacks from 4chan users.
The MPAA and RIAA were also attacked and brought offline, believed to have been done to oppose action taken against The Pirate Bay.