FTC finds data breaches caused by peer-to-peer networks


The federal agency says driver's license numbers, Social Security numbers and other information useful to identity thieves have been compromised unintentionally by 100 American corporations, some of them with tens of thousands of employees.

The FTC has also launched investigations of other companies and organizations, including local governments, whose customer and employee information has been exposed through the use of peer-to-peer (P2P) file-sharing networks.

P2P technology is used to play video games, make online telephone calls or share music and movies. The FTC warns that if the file-sharing software isn't configured correctly, private files could be accessible to the millions of people who share the network.

"We found health-related information, financial records, and drivers' license and social security numbers--the kind of information that could lead to identity theft," said FTC Chairman Jon Leibowitz.

Not surprisingly, the Recording Industry Association of America and Motion Picture Association of America, whose music and video products are often pirated and illegally shared through P2P networks, applauded the FTC's notifications.

"For the millions of men and women working in film, television, music, software and other creative industries, P2P networks have become a serious threat to their livelihoods by serving as a major platform for illegal trafficking in stolen copyrighted material," said Daniel Mandil, general counsel and chief content protection officer for the MPAA.

Popular P2P networks include BitTorrent and LimeWire.

The FTC is releasing new education materials that discuss the risks and recommend ways to manage them. If commercial information is at risk, government files and data stored on federal computers could also be vulnerable to unintentional sharing. The agency is urging organizations to make sure the software policies of their vendors and contractors are strict enough to prevent unauthorized access to private information.

Lisa Sotto, partner at Hunton & Williams law firm, said P2P software presents an "unintended consequence" of accidentally sharing files not meant to be shared.

"If I have an Excel spreadsheet with everyone's social security numbers in it and I share a music file that happens to be sitting alongside it, that spreadsheet could be blasted out," she said in an interview Monday.

She recommends software that can block the P2P software from being downloaded in the first place.

"Companies ought to have policies in place to restrict the use of business equipment," she said.