Advocacy group, Privacy International, has reported pirate hounding law firm ACS:Law to the UK's Information Commissioner's Office for security deficiencies that led to mass exposure of alleged file-sharers.
The email database of the controversial British anti-piracy firm was leaked on file-sharing website the Pirate Bay at the weekend.
The privacy advocates raised concerns over a single email, which it said contained the street addresses, names and IP addresses of 10,000 people alleged to have shared pornographic works.
"This data breach is likely to result in significant harm to tens of thousands of people in the form of fraud, identity theft and severe emotional distress," Alexander Hanff, a PI advisor, said.
"This firm collected this information by spying on internet users, and now it has placed thousands of innocent people at risk."
The leak allegedly occurred after ACS:Law posted a backup of its email database to its website, which it was restoring following a distributed denial of service attack launched by the so-called Anonymous group as retribution for its legal threats to file-sharers.
Privacy International said the breach was not caused by the DDoS attack but by ACS:Law's "poor" data protection procedures.
"Whereas the attack prevented the ACS:law web site from being accessed, there is no evidence to suggest that the web server was compromised; it would seem that this data breach was purely down to poor server administration and a lack of suitable data protection and security technologies," it said in a statement.
PI wanted ACS:Law to contact every person that was mentioned in the email to alert them to possible financial risks as a result of the breach.