Security Breach Exposes Law Firm's Accused File Sharer List

engine

3:49 pm on Sep 28, 2010 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



Security Breach Exposes Law Firm's Accused File Sharer List [bbc.co.uk]
The personal details of a further 8,000 people alleged to have shared music or films illegally have appeared online.

A list of more than 8,000 Sky broadband subscribers and a second of 400 PlusNet users surfaced following a security breach of legal firm ACS:Law.

It comes after a database of more than 5,000 people suspected of downloading adult films emerged on Monday.

The UK's Information Commissioner said ACS:Law could be fined up to half a million pounds for the breaches.


I don't get it. What's that data doing in a location online!

Frank_Rizzo

6:25 pm on Sep 28, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Plenty of spin and rumour with this but it looks as if backup files were restored to web root.

1. The original server was DDOS'd
2. A spare server was powered up
3. A backup file was restored to the spare server, not to original locations but to wwwroot / document root or some other publicly viewable place.

Files now on torrents and being shared.

I wonder though: if ACS (or an appointed 3rd party) were using IP logging software during their trawl of illegal file sharers, would they now also be doing the same for the sharers of their backup files?

---

I have no faith in the ICO 'fining them £500,000'. It won't even be a penny. It's just more weasel words and hollow barking from the ICO; as if they are trying to be seen to be doing something whilst the bonfire of the quangos is being ignited.
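Added example, not part of the original thread or any poster's code: a check a site operator could run after a restore to catch the failure mode described in the post above, backup files sitting under the document root. The function names and the extension list are assumptions chosen for illustration, and the sample files are constructed.

```python
import os
import tempfile

# Extensions commonly used for backups, dumps and mail stores (illustrative list).
SUSPECT_EXT = {".zip", ".tar", ".tgz", ".gz", ".bz2", ".7z", ".rar",
               ".bak", ".old", ".sql", ".dump", ".pst", ".mbox"}
# Leading magic bytes of archive formats, so a renamed archive is still caught.
MAGIC = {b"PK\x03\x04": "zip", b"\x1f\x8b": "gzip", b"BZh": "bzip2",
         b"7z\xbc\xaf\x27\x1c": "7z", b"Rar!\x1a\x07": "rar"}


def sniff(path):
    """Return the archive type indicated by the file header, or None."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(512)
    except OSError:
        return None  # unreadable file: nothing to classify
    for magic, name in MAGIC.items():
        if head.startswith(magic):
            return name
    # tar keeps its magic at offset 257 rather than at the start of the file
    return "tar" if head[257:262] == b"ustar" else None


def find_exposed_backups(docroot):
    """Walk docroot and return sorted (relative_path, reason) for suspect files."""
    hits = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, docroot)
            kind = sniff(full)
            ext = os.path.splitext(name)[1].lower()
            if kind:
                hits.append((rel, "content:" + kind))
            elif ext in SUSPECT_EXT:
                hits.append((rel, "extension:" + ext))
    return sorted(hits)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:  # constructed sample tree
        for name, data in [("index.html", b"<html>"), ("backup.zip", b"PK\x03\x04x"),
                           ("logo.png", b"\x1f\x8b\x08x"), ("mail.pst", b"x")]:
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        for hit in find_exposed_backups(root):
            print(hit)
```

Anything the scan reports belongs outside the document root; running it from cron or as a post-restore step makes the check routine.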

Frank_Rizzo

7:24 pm on Sep 28, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



A couple of other points:

Various sites are posting the contents of the emails which were recovered from the backups. Whilst highly amusing I think there is a real legal issue here.

Most of the emails have the 'this email is for the intended recipient only ....' disclaimer. If others are reproducing those emails on a public site where does the law stand?

Either putting a legal disclaimer in your emails is a waste of time or it is not!

There is also the problem of libel and defamation. Some of the emails (especially to ex-spouses) look dodgy, and there are other issues such as private emails which can be highly embarrassing for innocent correspondents of ACS employees, and suspicious business matters.

This is really fascinating but there are many innocent people out there and there really is no redress for them, suffice to take their own legal action at their own cost.

The ICO will epic fail again here. This will just be another data incident to add to the list, and another incident where no one will be punished, and no one will be deterred.