Government Technology

Report: 'Widespread' Data Exposure on P2P File-Sharing Networks



February 22, 2010 By

At nearly 100 U.S. organizations -- including schools and local governments -- users with access to peer-to-peer (P2P) file-sharing networks can steal sensitive information about customers and employees, and these data breaches can be used to commit identity theft and fraud, according to a report Monday, Feb. 22, by the Federal Trade Commission (FTC), the nation's consumer protection agency.

The FTC sent out notification letters to these organizations and has launched investigations of other companies with sensitive data that has been exposed on P2P networks. While P2P technology is used to play games, make online calls, share music, videos and documents, incorrect configurations of the P2P file-sharing software can make personal information public.

In a release about the breaches, FTC Chairman Jon Leibowitz said, "We found health-related information, financial records, and driver's license and Social Security numbers -- the kind of information that could lead to identity theft. Companies should take a hard look at their systems to ensure that there are no unauthorized P2P file-sharing programs and that authorized programs are properly configured and secure."

The FTC is releasing educational materials to help businesses learn how to manage risks, and Leibowitz also said companies that distribute P2P programs should take precautions to make sure that their software doesn't share files inadvertently.

In the letters, the FTC urged the exposed organizations to review their own security practices as well as those of contractors and vendors.

"It is your responsibility to protect such information from unauthorized access, including taking steps to control the use of P2P software on your own networks and those of your service providers," the letters said.

Tips for consumers about computer security and P2P can be found at www.onguardonline.gov/topics/p2p-security.aspx. To file a complaint, visit www.ftccomplaintassistant.gov or call 1-877-382-4357.

 


| More

Comments

Janice Taylor-Gaines    |    Commented February 23, 2010

I think David Scott is right: Most individuals and organizations enjoy Security largely as a matter of luck. Anyone else here reading I.T. WARS? I had to read parts of this book as part of my employee orientation at a new job. The book talks about a whole new culture as being necessary - an eCulture - for a true understanding of security, being that most identity/data breaches are due to simple human errors. It has great chapters on security, as well as risk, content management, project management, acceptable use, various plans and policies, and so on. Just Google IT WARS - check out a couple links down and read the interview with the author David Scott at Boston's Business Forum. (Full title is I.T. WARS: Managing the Business-Technology Weave in the New Millennium).

Janice Taylor-Gaines    |    Commented February 23, 2010

I think David Scott is right: Most individuals and organizations enjoy Security largely as a matter of luck. Anyone else here reading I.T. WARS? I had to read parts of this book as part of my employee orientation at a new job. The book talks about a whole new culture as being necessary - an eCulture - for a true understanding of security, being that most identity/data breaches are due to simple human errors. It has great chapters on security, as well as risk, content management, project management, acceptable use, various plans and policies, and so on. Just Google IT WARS - check out a couple links down and read the interview with the author David Scott at Boston's Business Forum. (Full title is I.T. WARS: Managing the Business-Technology Weave in the New Millennium).

Janice Taylor-Gaines    |    Commented February 23, 2010

I think David Scott is right: Most individuals and organizations enjoy Security largely as a matter of luck. Anyone else here reading I.T. WARS? I had to read parts of this book as part of my employee orientation at a new job. The book talks about a whole new culture as being necessary - an eCulture - for a true understanding of security, being that most identity/data breaches are due to simple human errors. It has great chapters on security, as well as risk, content management, project management, acceptable use, various plans and policies, and so on. Just Google IT WARS - check out a couple links down and read the interview with the author David Scott at Boston's Business Forum. (Full title is I.T. WARS: Managing the Business-Technology Weave in the New Millennium).


Add Your Comment

You are solely responsible for the content of your comments. We reserve the right to remove comments that are considered profane, vulgar, obscene, factually inaccurate, off-topic, or considered a personal attack.

In Our Library

White Papers | Exclusives Reports | Webinar Archives | Best Practices and Case Studies
Better security. Better government.
Powering security at all levels of government with simpler, more connected IT.
Cybersecurity in an "All-IP World" Are You Prepared?
In a recent survey conducted by Public CIO, over 125 respondents shared how they protect their environments from cyber threats and the challenges they see in an all-IP world. Read how your cybersecurity strategies and attitudes compare with your peers.
Maintain Your IT Budget with Consistent Compliance Practices
Between the demands of meeting federal IT compliance mandates, increasing cybersecurity threats, and ever-shrinking budgets, it’s not uncommon for routine maintenance tasks to slip among state and local government IT departments. If it’s been months, or even only days, since you have maintained your systems, your agency may not be prepared for a compliance audit—and that could have severe financial consequences. Regardless of your mission, consistent systems keep your data secure, your age
View All

Featured Papers