The Federal Trade Commission (FTC) notified around 100 agencies and companies that significant amounts of sensitive employee and customer data are regularly being leaked on peer-to-peer (P2P) networks, such as BearShare and LimeWire. Along with the warnings, the FTC released new educational materials to make organizations more aware of the threat and of best practices for managing it.
The letter stated, “It is your responsibility to protect such information from unauthorized access, including taking steps to control the use of P2P software on your own networks and those of your service providers.”
According to federal law, organizations are required to take appropriate and reasonable security measures to protect sensitive personal data. Failure to keep the information from leaking over P2P networks could be a violation of federal law.
“Unfortunately, companies and institutions of all sizes are vulnerable to serious P2P-related breaches, placing consumers' sensitive information at risk. For example, we found health-related information, financial records, and drivers' license and social security numbers–the kind of information that could lead to identity theft,” said FTC Chairman Jon Leibowitz.
“Companies should take a hard look at their systems to ensure that there are no unauthorized P2P file-sharing programs and that authorized programs are properly configured and secure,” he continued. “Just as important, companies that distribute P2P programs, for their part, should ensure that their software design does not contribute to inadvertent file sharing.”