BT has confessed that it has sent unencrypted user data to ACS:Law via e-mail after being asked to hand over the information of suspected file sharers.
The news could mean that BT has breached the Data Protection Act and comes after ACS:Law was reported to be under investigation from the ICO following the leak of thousands of Sky broadband users personal information.
According to the BBC, a lawyer at BT had sent two e-mails with unencrypted Excel spreadsheets attached, containing the information of 413 users suspected of illegally downloading and sharing music tracks, and 130 PlusNet users suspected of illegally downloading pornography.
Both lists were a part of the e-mail database leaked by members of 4Chan, who attacked ACS:Law to protest against it sending out harassing legal notices to internet users.
ACS:Law had sent e-mails to suspected illegal file sharers, threatening them with legal action if they did not pay a fine.
The law firm has been accused of not taking the correct measures to secure the data and could face a fine of up to £500,000.
A BT spokesperson said in a statement: “We are investigating how this occurred as we have robust systems for managing data. We have already ensured that this will not happen again.”