FTC Warns 100 Companies Of Data Leaks From P2P Networks
In the letters, the FTC warned schools, businesses and local governments that widespread data leaks occurred after their employees swapped music via P2P networks, which exposed copious personal information such as health and financial data and Social Security and drivers' license numbers. Subsequently, this kind of data leakage could likely entice criminally minded hackers to commit identity theft or fraud, the letters warned.
The FTC also advised the organizations to thoroughly examine and update their security policies regarding users' behavior online, particularly in regards to their use of P2P file sharing. The letters also urged companies to review the security practices of contractors and other vendors to ensure that they are compliant with the law.
"The Federal Trade Commission is sending you this letter because at least one computer file containing sensitive personal information from or about your customer and/or employees have been shared from your computer network, or the network of one of your service providers, to a peer-to-peer file sharing network,' the FTC letter said. "The information is now available to users of the P2P network, who could use it to commit identity theft or fraud. Your failure to prevent such information from being shared to a P2P network may violate laws enforced by the Commission."
P2P technology can be used legitimately to play games, make online calls and share music and video files. However, P2P software can expose sensitive files if not configured properly, the FTC said.
The FTC is currently launching a non-public investigation of companies whose customer or employee information has been exposed as a result of P2P file sharing activities, while advising the organizations to issue notifications to affected users. Many states already have laws in place requiring businesses to notify affected users once a data breach has occurred.
"Unfortunately, companies and institutions of all sizes are vulnerable to serious P2P-related breaches, placing consumers sensitive information at risk," said FTC Chairman Jon Leibowitz in a statement. "Companies should take a hard look at their systems to ensure that there are no unauthorized P2P file-sharing programs and that authorized programs are properly configured and secure. Just as important, companies that distribute P2P programs, for their part, should ensure that their software design does not contribute to inadvertent file sharing."
The affected organizations run a range from very small companies with as few as eight users to large-scale enterprise organizations with more than 10,000 employees.