The Federal Trade Commission (FTC) on Monday said it has identified widespread data leaks from businesses, schools and local governments on peer-to-peer (P2P) file-sharing networks.
As a consequence, the FTC recently alerted nearly 100 organizations whose sensitive information, including personal data about customers and employees, is currently residing on P2P networks. The notices were sent to both private and public organizations ranging in size from eight to tens of thousands of employees.
“Unfortunately, companies and institutions of all sizes are vulnerable to serious P2P-related breaches, placing consumers' sensitive information at risk,” FTC Chairman Jon Leibowitz said in a statement. “For example, we found health-related information, financial records and drivers' license and Social Security numbers — the kind of information that could lead to identity theft.”
P2P technology is commonly used to share music, videos and documents and can also be used to play games and make online telephone calls, the FTC said. When P2P file-sharing software is not configured properly, files may be inadvertently shared with members of the P2P network.
An FTC spokeswoman told SCMagazineUS.com on Monday that the FTC's privacy and identity protection division became aware of the problem of corporate data leaks on P2P networks during the course of its work, prompting the probe.
The FTC on Monday also released educational materials for businesses about the risks of P2P networks and ways to manage them.
“Companies should take a hard look at their systems to ensure that there are no unauthorized P2P file-sharing programs and that authorized programs are properly configured and secure,” Leibowitz said. “Just as important, companies that distribute P2P programs should ensure that their software design does not contribute to inadvertent file sharing.”
The agency also said it has opened investigations of companies whose customer or employee information was exposed on P2P networks. It did not provide any other details about the investigations, however.
“Data that simply leaks out of large firms – from banking to health care – is a bigger issue than technical hacks, in many cases,” Eric Johnson, a Dartmouth College business professor who has studied health care data leaks on P2P networks, told SCMagazineUS.com in an email Monday. “Criminals simply need to know where to look.”
Last February, Johnson released a report that detailed the findings of a two-week-long study monitoring P2P networks for sensitive health care documents. Researchers found hundreds of documents on P2P networks revealing sensitive information on tens of thousands of patients.