FTC warns firms, organizations of widespread data breach

Feb 22, 2010
The US Federal Trade Commission (FTC) building in Washington, DC. The US Federal Trade Commission (FTC) said Monday it has notified nearly 100 companies and organizations of data breaches involving personal information about customers or employees.

The US Federal Trade Commission (FTC) said Monday it has notified nearly 100 companies and organizations of data breaches involving personal information about customers or employees.

The FTC declined to identify the companies or organizations involved, but said they were both "private and public entities, including schools and local governments."

The companies and organizations ranged in size from "businesses with as few as eight employees to publicly held corporations employing tens of thousands," the FTC said in a statement.

It said sensitive data about customers and employees had been shared from the computer networks of the companies and organizations and made available on Internet peer-to-peer (P2P) file-sharing networks.

The information was accessible to "any users of those networks, who could use it to commit identity theft or fraud," the FTC said.

"Unfortunately, companies and institutions of all sizes are vulnerable to serious P2P-related breaches, placing consumers' sensitive information at risk," FTC chairman Jon Leibowitz said.

"For example, we found health-related information, financial records, and driver's license and social security numbers -- the kind of information that could lead to identity theft," Leibowitz said.

"Companies should take a hard look at their systems to ensure that there are no unauthorized P2P file-sharing programs and that authorized programs are properly configured and secure," he said.

"Just as important, companies that distribute P2P programs, for their part, should ensure that their software design does not contribute to inadvertent file sharing," he added.

P2P file-sharing software is used in a variety of ways including for playing games, making online telephone calls or sharing music, video and documents.

Chris King, director of product marketing at California-based security firm Palo Alto Networks, said the sharing of sensitive company information over such P2P services as BitTorrent or Limewire was indeed often unintentional.

"People are not stealing identities, medical records, financial records and sticking them on these networks," King told AFP.

"In a lot of cases what's happening is someone who works for one of these organizations... will install an application on their laptop or desktop so they can get to music or movies or something like that," he said.

"Next thing you know a whole bunch of medical records are in the wild," he said. "It's not necessarily malicious from the get-go."

King said a study had found that P2P programs have a nearly 90 percent penetration rate in "enterprise organizations -- folks that have firewalls and all kinds of security mechanisms in place."

The FTC, in the notification letters to the companies and organizations, urged them to review their security practices "to ensure that they are reasonable, appropriate, and in compliance with the law."

"It is your responsibility to protect such information from unauthorized access, including taking steps to control the use of P2P software on your own networks and those of your service providers," the letters stated.

Explore further: Study: Social media users shy away from opinions

add to favorites email to friend print save as pdf

Related Stories

FTC warns of explicit content in virtual worlds

Dec 10, 2009

The US consumer protection agency warned parents Thursday that children can easily bypass age requirements in virtual worlds and access violent or sexually explicit content.

Recommended for you

Study: Social media users shy away from opinions

Aug 26, 2014

People on Facebook and Twitter say they are less likely to share their opinions on hot-button issues, even when they are offline, according to a surprising new survey by the Pew Research Center.

US warns shops to watch for customer data hacking

Aug 23, 2014

The US Department of Homeland Security on Friday warned businesses to watch for hackers targeting customer data with malicious computer code like that used against retail giant Target.

Fitbit to Schumer: We don't sell personal data

Aug 22, 2014

The maker of a popular line of wearable fitness-tracking devices says it has never sold personal data to advertisers, contrary to concerns raised by U.S. Sen. Charles Schumer.

Should you be worried about paid editors on Wikipedia?

Aug 22, 2014

Whether you trust it or ignore it, Wikipedia is one of the most popular websites in the world and accessed by millions of people every day. So would you trust it any more (or even less) if you knew people ...

Philippines makes arrests in online extortion ring

Aug 22, 2014

Philippine police have arrested eight suspected members of an online syndicate accused of blackmailing more than 1,000 Hong Kong and Singapore residents after luring them into exposing themselves in front of webcam, an official ...

User comments : 0