[I'm surprised I haven't seen anything elsewhere on Finextra on the ACS:Law fiasco]
BT has admitted it sent the personal details of more than 500 customers as an unsecured document to legal firm ACS:Law, following a court order.
The unsecured Excel documents were sent in late August by a lawyer working for British Telecom, to Andrew Crossley who runs ACS:Law.
However, while BT requested that the personal information be held securely, the data was sent in a unencrypted document that could be read by anyone accessing the e-mail.
Two separate documents were sent out by BT. One with a list of 413 users which ACS:Law thought were sharing a music track called Evacuate The Dancefloor and a second document with more than 130 PlusNet users alleged to be sharing pornographic material.
In my own experience with BT, they are much better than this.
They once sent us details of some Company Credit Card numbers that had to be re-instated, and they were sent encrypted. When one of our employees wrote back to confirm the Cards had been reinstated, via an unencrypted confirmation list, BT (rightly) had
apoplexy, and demanded that the Cards now be cancelled and they be given new ones.
So its a pity they've now got tarnished with this saga.