FTC notifies almost 100 organisations of P2P data leaks

Graham Cluley

The Federal Trade Commission has notified close to 100 US organisations of serious P2P-related security breaches that have exposed consumers to the risk of identity theft and fraud.

The use of P2P file-sharing networks to download music and movies opens the door for data loss both in the office and on consumers’ personal PCs, when users take work home in the evening or at weekends.

Sample FTC notification about data loss on P2P file-sharing networks

The worry is that there are now cybercriminal gangs who scavenge the file-sharing networks, hunting for sensitive work documents such as financial records, driving licences and social security numbers.

If not configured properly, Kazaa, Limewire and other P2P file-sharing networks can scoop up files on your computer that you would probably prefer the whole world didn’t have access to – not only embarrassing your company, but also putting your firm, your fellow employees and your customers at risk.

The FTC’s warning acts as a stern reminder to companies worldwide of the dangers posed by P2P file-sharing in the work environment, and the need to control the movement of sensitive data.

A survey conducted by Sophos revealed that 86.5% of organisations would like the ability to block P2P file-sharing applications, with 79% indicating that blocking is essential. These statistics point towards the concerns felt by most businesses with regard to protecting their data.

Last year, a US House of Representatives Committee hearing revealed that a confidential document was shared via the Limewire peer-to-peer (P2P) file-sharing network. This document contained details of the Secret Service safe house that would be used by Michelle Obama in the event of the White House being evacuated. In addition, the committee heard that sensitive details regarding the location of every nuclear facility in the USA were available via file-sharing systems.

The Obamas suffered again at the hands of a P2P data leak, when sensitive blueprints regarding the US Presidential “Marine One” helicopter appeared on a peer-to-peer file-sharing network from an IP address located in Tehran.

There have been countless other incidents of data being leaked accidentally through file-sharing networks.

A Sophos survey found that uncontrolled applications are causing serious concern for system administrators. For example, 86.5% of respondents said they want the opportunity to block P2P applications, with 79% indicating that blocking is essential.

View the wide-ranging list of applications that Sophos is able to control on your network.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast.
