Federal Trade Commission links wide data breach to file sharing

The Federal Trade Commission said Monday that it has uncovered widespread data breaches at companies, schools and local governments whose employees are swapping music, software and movie files over the Internet.

The consumer protection agency said it sent nearly 100 letters to organizations where information on customers and employees -- including health and financial data and Social Security and driver's license numbers -- leaked through peer-to-peer Web services. It warned that the security breaches could lead to identity fraud or theft, and it recommended that the groups review their policies and inform affected users. "Unfortunately, companies and institutions of all sizes are vulnerable to serious P2P-related breaches, placing consumers' sensitive information at risk," FTC Chairman Jon Leibowitz said in a news release. The agency said it has launched separate investigations of some companies as a result of its file-swapping inquiry, but it declined to name those firms or detail the scope of the probes. "Companies should take a hard look at their systems to ensure that there are no unauthorized P2P file-sharing programs and that authorized programs are properly configured and secure," he said. Privacy and consumer advocates have long urged regulators to address the risks posed by peer-to-peer networks. They say that, for example, an employee at a commercial firm could inadvertently publicize unsecured customer data by using a work computer to download music from a Web service such as BitTorrent, BearShare or LimeWire. Those and other peer-to-peer protocols allow users to grab unsecured files from other users' computers. Unless a company protects its data, many sensitive files could get in the wrong hands.