The details of 500 PlusNet users which were leaked online were sent to anti-piracy solicitors ACS:Law in an unsecured document, BT has admitted.
According to BBC News, BT, which owns PlusNet, sent the spreadsheets of customers’ personal data following a court order.
The Excel documents were emailed by BT lawyer Prakash Mistry to ACS:Law boss Andrew Crossley.
The emails were then leaked online after a security breach on the ACS website. BT had requested the data be kept secure, however, the documents sent were reportedly unencrypted.
The two documents consisted of a list of 413 users alleged to have shared a song called Evacuate the dancefloor, while another 130 were listed in a separate document as allegedly sharing pornography.
On BT’s PlusNet forum, a moderator called Nigel confirmed the data was sent. "In answer to the question above about whether we sent out customer details in unencrypted files, I can confirm that this did happen,” he wrote.
"We are investigating how this occurred as we have robust systems for managing data. We have already ensured that this will not happen again.”
A PlusNet spokesperson told the BBC that it had contacted all affected customers and was working with them to protect them from “further exposure”.
The details of thousands of Sky Broadband customers were also leaked during the security breach of the ACS website.