FTC notifies 100 organizations about P2P leaks

Share this article:

The Federal Trade Commission (FTC) on Monday said it has identified widespread data leaks from businesses, schools and local governments on peer-to-peer (P2P) file-sharing networks.

As a consequence, the FTC recently alerted nearly 100 organizations whose sensitive information, including personal data about customers and employees, is currently residing on P2P networks. The notices were sent to both private and public organizations ranging in size from eight to tens of thousands of employees.

“Unfortunately, companies and institutions of all sizes are vulnerable to serious P2P-related breaches, placing consumers' sensitive information at risk,” FTC Chairman Jon Leibowitz said in a statement. “For example, we found health-related information, financial records and drivers' license and Social Security numbers — the kind of information that could lead to identity theft.”

P2P technology is commonly used to share music, videos and documents and can also be used to play games and make online telephone calls, the FTC said. When P2P file-sharing software is not configured properly, files may be inadvertently shared with members of the P2P network.

An FTC spokeswoman told SCMagazineUS.com on Monday that the FTC's privacy and identity protection division became aware of the problem of corporate data leaks on P2P networks during the course of its work, prompting the probe. 

The FTC on Monday also released educational materials for businesses about the risks of P2P networks and ways to manage them.

“Companies should take a hard look at their systems to ensure that there are no unauthorized P2P file-sharing programs and that authorized programs are properly configured and secure,” Leibowitz said. “Just as important, companies that distribute P2P programs should ensure that their software design does not contribute to inadvertent file sharing.”

The agency also said it has opened investigations of companies whose customer or employee information was exposed on P2P networks. It did not provide any other details about the investigations, however.

“Data that simply leaks out of large firms – from banking to health care – is a bigger issue than technical hacks, in many cases,” Eric Johnson, a Dartmouth College business professor who has studied health care data leaks on P2P networks, told SCMagazineUS.com in an email Monday.  “Criminals simply need to know where to look.”

Last February, Johnson released a report that detailed the findings of a two-week-long study monitoring P2P networks for sensitive health care documents. Researchers found hundreds of documents on P2P networks revealing sensitive information on tens of thousands of patients.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters


More in News

Email promises free pizza, ensnares victims in Asprox botnet instead

Email promises free pizza, ensnares victims in Asprox ...

Cloudmark came upon an email that offers free pizza, but clicking on the link to get the coupon ends with victims being ensnared in a botnet.

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.