UK telco BT has been revealed as the source of a list of personal customer data, which has been made publicly available on the internet. The list in question, containing more than 500 names of broadband account holders, was sent from BT’s legal department in late August to a law firm ACS: Law. The names on the list are allegedly linked with the illegal sharing of copyrighted material.

The data was sent in an unencrypted form however, and fell into the hands of hackers who targeted ACS: Law. The firm had been under attack from users of the popular 4chan forum in retribution for legal threats sent out to alleged content pirates. Much more sensitive data is expected to emerge after ACS’s website was hacked.

“We are investigating how we came to be sending unencrypted data as we have robust systems for managing data. We have already ensured that this type of incident will not happen again, launched an internal enquiry and we have alerted the Information Commissioner’s Office,” BT said.

Sky has also been embroiled in the situation after a similar list, containing information about its users, was liberated from ACS by the 4chan hackers.