FTC notifies 100 organizations about P2P leaks

Share this article:

The Federal Trade Commission (FTC) on Monday said it has identified widespread data leaks from businesses, schools and local governments on peer-to-peer (P2P) file-sharing networks.

As a consequence, the FTC recently alerted nearly 100 organizations whose sensitive information, including personal data about customers and employees, is currently residing on P2P networks. The notices were sent to both private and public organizations ranging in size from eight to tens of thousands of employees.

“Unfortunately, companies and institutions of all sizes are vulnerable to serious P2P-related breaches, placing consumers' sensitive information at risk,” FTC Chairman Jon Leibowitz said in a statement. “For example, we found health-related information, financial records and drivers' license and Social Security numbers — the kind of information that could lead to identity theft.”

P2P technology is commonly used to share music, videos and documents and can also be used to play games and make online telephone calls, the FTC said. When P2P file-sharing software is not configured properly, files may be inadvertently shared with members of the P2P network.

An FTC spokeswoman told SCMagazineUS.com on Monday that the FTC's privacy and identity protection division became aware of the problem of corporate data leaks on P2P networks during the course of its work, prompting the probe. 

The FTC on Monday also released educational materials for businesses about the risks of P2P networks and ways to manage them.

“Companies should take a hard look at their systems to ensure that there are no unauthorized P2P file-sharing programs and that authorized programs are properly configured and secure,” Leibowitz said. “Just as important, companies that distribute P2P programs should ensure that their software design does not contribute to inadvertent file sharing.”

The agency also said it has opened investigations of companies whose customer or employee information was exposed on P2P networks. It did not provide any other details about the investigations, however.

“Data that simply leaks out of large firms – from banking to health care – is a bigger issue than technical hacks, in many cases,” Eric Johnson, a Dartmouth College business professor who has studied health care data leaks on P2P networks, told SCMagazineUS.com in an email Monday.  “Criminals simply need to know where to look.”

Last February, Johnson released a report that detailed the findings of a two-week-long study monitoring P2P networks for sensitive health care documents. Researchers found hundreds of documents on P2P networks revealing sensitive information on tens of thousands of patients.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

ISSA tackles workforce gap with career lifecycle program

ISSA tackles workforce gap with career lifecycle program ...

On Thursday, the group launched its Cybersecurity Career Lifecycle (CSCL) program.

Amplification DDoS attacks most popular, according to Symantec

Amplification DDoS attacks most popular, according to Symantec

The company noted in a whitepaper released on Tuesday that Domain Name Server amplification attacks have increased 183 percent between January and August.

Court shutters NY co. selling security software with "no value"

A federal court shut down Pairsys at the request of the Federal Trade Commission.