AfterDawn: Tech news

FTC warns organiations, firms about P2P sensitive data leaks

Written by James Delahunty (Google+) @ 22 Feb 2010 21:48 User comments (4)

FTC warns organiations, firms about P2P sensitive data leaks The U.S. Federal Trade Commission (FTC) has written to over 100 firms and organizations warning about a widespread, on-going data breach due to misuse of peer-to-peer (P2P) file sharing software. The FTC did not specify who it contacted, but said it included public and private institutions including schools and companies that employee as few as 8 people to others than employ tens of thousands.
The FTC said that sensitive data about customers and employees had been shared from computer networks to virtually anybody in the world connected to the Internet and P2P file-sharing networks. "Unfortunately, companies and institutions of all sizes are vulnerable to serious P2P-related breaches, placing consumers' sensitive information at risk," FTC chairman Jon Leibowitz said.

These types of data breaches are serious because of their potential to facilitate identify theft or fraud. "For example, we found health-related information, financial records, and driver's license and social security numbers -- the kind of information that could lead to identity theft," Leibowitz said.

"Companies should take a hard look at their systems to ensure that there are no unauthorized P2P file-sharing programs and that authorized programs are properly configured and secure." It's not just the organizations with P2P users that need to be cautious either, Leibowitz said developers of P2P software should take measures to block accidental sharing of files.

Sensitive data being made available on P2P networks is probably accidental in the vast majority of cases, as an employee of a particular organization could install P2P software to download music or other content, and accidentally include sensitive information among shared items.

Previous Next  

4 user comments

123.2.2010 4:07

I would hope that businesses would try and keep P2P stuff off of work machines. Imagine if a few of your employees were running LimeWire. Trojan much?

This message has been edited since its posting. Latest edit was made on 23 Feb 2010 @ 4:32

223.2.2010 11:47

why is this information even in a open network it should be in a closed network. much like security is.

323.2.2010 12:14

I think David Scott is right: Most individuals and organizations enjoy Security largely as a matter of luck. Anyone else here reading I.T. WARS? I had to read parts of this book as part of my employee orientation at a new job. The book talks about a whole new culture as being necessary – an eCulture – for a true understanding of security, being that most identity/data breaches are due to simple human errors. It has great chapters on security, as well as risk, content management, project management, acceptable use, various plans and policies, and so on. Just Google IT WARS – check out a couple links down and read the interview with the author David Scott at Boston’s Business Forum. (Full title is I.T. WARS: Managing the Business-Technology Weave in the New Millennium).

425.2.2010 7:46

How long until someone in the entertainment industry seizes on this and starts saying "see, P2P is bad"

How many games and other large software packages have patches distributed via P2P? I know of a bunch, and a couple of the games have a LARGE user base (i.e. millions of users each)

Comments have been disabled for this article.

News archive