The U.S. Federal Trade Commission (FTC) has written to over 100 firms and organizations warning about a widespread, on-going data breach due to misuse of peer-to-peer (P2P) file sharing software. The FTC did not specify who it contacted, but said it included public and private institutions including schools and companies that employee as few as 8 people to others than employ tens of thousands.
The FTC said that sensitive data about customers and employees had been shared from computer networks to virtually anybody in the world connected to the Internet and P2P file-sharing networks. "Unfortunately, companies and institutions of all sizes are vulnerable to serious P2P-related breaches, placing consumers' sensitive information at risk," FTC chairman Jon Leibowitz said.
These types of data breaches are serious because of their potential to facilitate identify theft or fraud. "For example, we found health-related information, financial records, and driver's license and social security numbers -- the kind of information that could lead to identity theft," Leibowitz said.
"Companies should take a hard look at their systems to ensure that there are no unauthorized P2P file-sharing programs and that authorized programs are properly configured and secure." It's not just the organizations with P2P users that need to be cautious either, Leibowitz said developers of P2P software should take measures to block accidental sharing of files.
Sensitive data being made available on P2P networks is probably accidental in the vast majority of cases, as an employee of a particular organization could install P2P software to download music or other content, and accidentally include sensitive information among shared items.
These types of data breaches are serious because of their potential to facilitate identify theft or fraud. "For example, we found health-related information, financial records, and driver's license and social security numbers -- the kind of information that could lead to identity theft," Leibowitz said.
"Companies should take a hard look at their systems to ensure that there are no unauthorized P2P file-sharing programs and that authorized programs are properly configured and secure." It's not just the organizations with P2P users that need to be cautious either, Leibowitz said developers of P2P software should take measures to block accidental sharing of files.
Sensitive data being made available on P2P networks is probably accidental in the vast majority of cases, as an employee of a particular organization could install P2P software to download music or other content, and accidentally include sensitive information among shared items.
