February 22, 2010 By News Report
At nearly 100 U.S. organizations -- including schools and local governments -- users with access to peer-to-peer (P2P) file-sharing networks can steal sensitive information about customers and employees, and these data breaches can be used to commit identity theft and fraud, according to a report Monday, Feb. 22, by the Federal Trade Commission (FTC), the nation's consumer protection agency.
The FTC sent out notification letters to these organizations and has launched investigations of other companies with sensitive data that has been exposed on P2P networks. While P2P technology is used to play games, make online calls, share music, videos and documents, incorrect configurations of the P2P file-sharing software can make personal information public.
In a release about the breaches, FTC Chairman Jon Leibowitz said, "We found health-related information, financial records, and driver's license and Social Security numbers -- the kind of information that could lead to identity theft. Companies should take a hard look at their systems to ensure that there are no unauthorized P2P file-sharing programs and that authorized programs are properly configured and secure."
The FTC is releasing educational materials to help businesses learn how to manage risks, and Leibowitz also said companies that distribute P2P programs should take precautions to make sure that their software doesn't share files inadvertently.
In the letters, the FTC urged the exposed organizations to review their own security practices as well as those of contractors and vendors.
"It is your responsibility to protect such information from unauthorized access, including taking steps to control the use of P2P software on your own networks and those of your service providers," the letters said.