Network News

X My Profile
View More Activity

FTC finds widespread data breaches through P2P applications

The Federal Trade Commission said Monday it has uncovered widespread data breaches by companies, schools and local governments whose employees are engaged in peer-to-peer file sharing.

The consumer protection agency said it sent nearly 100 letters to organizations that have released personal information -- including data about customers and/or employees – through those direct file-sharing applications. The FTC found that health-related and financial information, drivers’ license and social security numbers were leaked by companies big and small in their probe. And it warned that the data breaches could lead to identity fraud or theft.

“Unfortunately, companies and institutions of all sizes are vulnerable to serious P2P-related breaches, placing consumers’ sensitive information at risk,” said FTC Chairman Jon Leibowitz in a release. “Companeis should take a hard look at their systems to ensure that there are no unauthorized P2P file-sharing programs and that authorized programs are properly configured and secure.”

In its letters, the agency said the companies and public organizations should contact customers and employees and let them know that their information is available on P2P networks and needs to be secured from public exposure.

How would something like this occur? As a hypothetical, an employee who has access to the social security numbers of customers on his or her computer that is also sharing music files or playing video games on a P2P applications like BearShare, LimeWire, Vuze, or BitTorrenet could be making those files available to anyone else on the P2P network.

By Cecilia Kang  |  February 22, 2010; 2:18 PM ET
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   StumbleUpon   Technorati   Google Buzz   Previous: German official: Google Buzz "massive intrusion of privacy"
Next: AT&T, Verizon, Cable Industry warn FCC against reclassification


Surprised, Cecilia? Perhaps if you were not drunk on Google's "Net-Neutraltinis," you might recognize the simple fact that P2P was created FOR THE PURPOSE of criminal activity. The authors of this software not only have zero interest in protecting users; they WANT those users' personal information to be exposed so that it can be stolen and abused. No honor among thieves.

Posted by: LBrettGlass | February 22, 2010 3:12 PM | Report abuse

I think David Scott is right: Most individuals and organizations enjoy Security largely as a matter of luck. Anyone else here reading I.T. WARS? I had to read parts of this book as part of my employee orientation at a new job. The book talks about a whole new culture as being necessary – an eCulture – for a true understanding of security, being that most identity/data breaches are due to simple human errors. It has great chapters on security, as well as risk, content management, project management, acceptable use, various plans and policies, and so on. Just Google IT WARS – check out a couple links down and read the interview with the author David Scott at Boston’s Business Forum. (Full title is I.T. WARS: Managing the Business-Technology Weave in the New Millennium).

Posted by: janice33rpm | February 23, 2010 12:30 PM | Report abuse

The comments to this entry are closed.

RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company