Government Technology

Report: 'Widespread' Data Exposure on P2P File-Sharing Networks



February 22, 2010 By

At nearly 100 U.S. organizations -- including schools and local governments -- users with access to peer-to-peer (P2P) file-sharing networks can steal sensitive information about customers and employees, and these data breaches can be used to commit identity theft and fraud, according to a report Monday, Feb. 22, by the Federal Trade Commission (FTC), the nation's consumer protection agency.

The FTC sent out notification letters to these organizations and has launched investigations of other companies with sensitive data that has been exposed on P2P networks. While P2P technology is used to play games, make online calls, share music, videos and documents, incorrect configurations of the P2P file-sharing software can make personal information public.

In a release about the breaches, FTC Chairman Jon Leibowitz said, "We found health-related information, financial records, and driver's license and Social Security numbers -- the kind of information that could lead to identity theft. Companies should take a hard look at their systems to ensure that there are no unauthorized P2P file-sharing programs and that authorized programs are properly configured and secure."

The FTC is releasing educational materials to help businesses learn how to manage risks, and Leibowitz also said companies that distribute P2P programs should take precautions to make sure that their software doesn't share files inadvertently.

In the letters, the FTC urged the exposed organizations to review their own security practices as well as those of contractors and vendors.

"It is your responsibility to protect such information from unauthorized access, including taking steps to control the use of P2P software on your own networks and those of your service providers," the letters said.

Tips for consumers about computer security and P2P can be found at www.onguardonline.gov/topics/p2p-security.aspx. To file a complaint, visit www.ftccomplaintassistant.gov or call 1-877-382-4357.

 


| More

Comments

Janice Taylor-Gaines    |    Commented February 23, 2010

I think David Scott is right: Most individuals and organizations enjoy Security largely as a matter of luck. Anyone else here reading I.T. WARS? I had to read parts of this book as part of my employee orientation at a new job. The book talks about a whole new culture as being necessary - an eCulture - for a true understanding of security, being that most identity/data breaches are due to simple human errors. It has great chapters on security, as well as risk, content management, project management, acceptable use, various plans and policies, and so on. Just Google IT WARS - check out a couple links down and read the interview with the author David Scott at Boston's Business Forum. (Full title is I.T. WARS: Managing the Business-Technology Weave in the New Millennium).

Janice Taylor-Gaines    |    Commented February 23, 2010

I think David Scott is right: Most individuals and organizations enjoy Security largely as a matter of luck. Anyone else here reading I.T. WARS? I had to read parts of this book as part of my employee orientation at a new job. The book talks about a whole new culture as being necessary - an eCulture - for a true understanding of security, being that most identity/data breaches are due to simple human errors. It has great chapters on security, as well as risk, content management, project management, acceptable use, various plans and policies, and so on. Just Google IT WARS - check out a couple links down and read the interview with the author David Scott at Boston's Business Forum. (Full title is I.T. WARS: Managing the Business-Technology Weave in the New Millennium).

Janice Taylor-Gaines    |    Commented February 23, 2010

I think David Scott is right: Most individuals and organizations enjoy Security largely as a matter of luck. Anyone else here reading I.T. WARS? I had to read parts of this book as part of my employee orientation at a new job. The book talks about a whole new culture as being necessary - an eCulture - for a true understanding of security, being that most identity/data breaches are due to simple human errors. It has great chapters on security, as well as risk, content management, project management, acceptable use, various plans and policies, and so on. Just Google IT WARS - check out a couple links down and read the interview with the author David Scott at Boston's Business Forum. (Full title is I.T. WARS: Managing the Business-Technology Weave in the New Millennium).


Add Your Comment

You are solely responsible for the content of your comments. We reserve the right to remove comments that are considered profane, vulgar, obscene, factually inaccurate, off-topic, or considered a personal attack.

In Our Library

White Papers | Exclusives Reports | Webinar Archives | Best Practices and Case Studies
Improving Emergency Response with Digital Communications
Saginaw County, Mich., increases interoperability, communication and collaboration with a digital voice and data network, as well as modern computer-aided dispatch.
Reduce Talk Time in Your Support Center by 40%
As the amount of information available to citizens and employees grows each year, so do customer expectations for efficient service. Contextual Knowledge makes information easy to find, dropping resolution times and skyrocketing satisfaction.
Emerging Technology Adoption in Local Government
In a recent survey conducted by Government Technology, 125 local government leaders shared their challenges, benefits and priorities when adopting emerging technologies such as cloud, mobility and IP. Read how your jurisdiction’s adoption of technology compares to your peers.
View All

Featured Papers