Government Technology

Report: 'Widespread' Data Exposure on P2P File-Sharing Networks



February 22, 2010 By

At nearly 100 U.S. organizations -- including schools and local governments -- users with access to peer-to-peer (P2P) file-sharing networks can steal sensitive information about customers and employees, and these data breaches can be used to commit identity theft and fraud, according to a report Monday, Feb. 22, by the Federal Trade Commission (FTC), the nation's consumer protection agency.

The FTC sent out notification letters to these organizations and has launched investigations of other companies with sensitive data that has been exposed on P2P networks. While P2P technology is used to play games, make online calls, share music, videos and documents, incorrect configurations of the P2P file-sharing software can make personal information public.

In a release about the breaches, FTC Chairman Jon Leibowitz said, "We found health-related information, financial records, and driver's license and Social Security numbers -- the kind of information that could lead to identity theft. Companies should take a hard look at their systems to ensure that there are no unauthorized P2P file-sharing programs and that authorized programs are properly configured and secure."

The FTC is releasing educational materials to help businesses learn how to manage risks, and Leibowitz also said companies that distribute P2P programs should take precautions to make sure that their software doesn't share files inadvertently.

In the letters, the FTC urged the exposed organizations to review their own security practices as well as those of contractors and vendors.

"It is your responsibility to protect such information from unauthorized access, including taking steps to control the use of P2P software on your own networks and those of your service providers," the letters said.

Tips for consumers about computer security and P2P can be found at www.onguardonline.gov/topics/p2p-security.aspx. To file a complaint, visit www.ftccomplaintassistant.gov or call 1-877-382-4357.

 


| More

Comments

Janice Taylor-Gaines    |    Commented February 23, 2010

I think David Scott is right: Most individuals and organizations enjoy Security largely as a matter of luck. Anyone else here reading I.T. WARS? I had to read parts of this book as part of my employee orientation at a new job. The book talks about a whole new culture as being necessary - an eCulture - for a true understanding of security, being that most identity/data breaches are due to simple human errors. It has great chapters on security, as well as risk, content management, project management, acceptable use, various plans and policies, and so on. Just Google IT WARS - check out a couple links down and read the interview with the author David Scott at Boston's Business Forum. (Full title is I.T. WARS: Managing the Business-Technology Weave in the New Millennium).

Janice Taylor-Gaines    |    Commented February 23, 2010

I think David Scott is right: Most individuals and organizations enjoy Security largely as a matter of luck. Anyone else here reading I.T. WARS? I had to read parts of this book as part of my employee orientation at a new job. The book talks about a whole new culture as being necessary - an eCulture - for a true understanding of security, being that most identity/data breaches are due to simple human errors. It has great chapters on security, as well as risk, content management, project management, acceptable use, various plans and policies, and so on. Just Google IT WARS - check out a couple links down and read the interview with the author David Scott at Boston's Business Forum. (Full title is I.T. WARS: Managing the Business-Technology Weave in the New Millennium).

Janice Taylor-Gaines    |    Commented February 23, 2010

I think David Scott is right: Most individuals and organizations enjoy Security largely as a matter of luck. Anyone else here reading I.T. WARS? I had to read parts of this book as part of my employee orientation at a new job. The book talks about a whole new culture as being necessary - an eCulture - for a true understanding of security, being that most identity/data breaches are due to simple human errors. It has great chapters on security, as well as risk, content management, project management, acceptable use, various plans and policies, and so on. Just Google IT WARS - check out a couple links down and read the interview with the author David Scott at Boston's Business Forum. (Full title is I.T. WARS: Managing the Business-Technology Weave in the New Millennium).


Add Your Comment

You are solely responsible for the content of your comments. We reserve the right to remove comments that are considered profane, vulgar, obscene, factually inaccurate, off-topic, or considered a personal attack.

In Our Library

White Papers | Exclusives Reports | Webinar Archives | Best Practices and Case Studies
Maintain Your IT Budget with Consistent Compliance Practices
Between the demands of meeting federal IT compliance mandates, increasing cybersecurity threats, and ever-shrinking budgets, it’s not uncommon for routine maintenance tasks to slip among state and local government IT departments. If it’s been months, or even only days, since you have maintained your systems, your agency may not be prepared for a compliance audit—and that could have severe financial consequences. Regardless of your mission, consistent systems keep your data secure, your age
Best Practice Guide for Cloud and As-A-Service Procurements
While technology service options for government continue to evolve, procurement processes and policies have remained firmly rooted in practices that are no longer effective. This guide, built upon the collaborative work of state and local government and industry executives, outlines and explains the changes needed for more flexible and agile procurement processes.
Fresh Ideas In Online Security for Public Safety Organizations
Lesley Carhart, Senior Information Security Specialist at Motorola Solutions, knows that online and computer security are more challenging than ever. Personal smartphones, removable devices like USB storage drives, and social media have a significant impact on security. In “Fresh Ideas in Online Security for Public Safely Organizations,” Lesley provides recommendations to improve your online security against threats from social networks, removable devices, weak passwords and digital photos.
View All

Featured Papers