Thursday, February 25, 2010

 

FTC warns firms, organizations of widespread data breach

Mon Feb 22, 4:35 PM


WASHINGTON (AFP) - The US Federal Trade Commission (FTC) said Monday it has notified nearly 100 companies and organizations of data breaches involving personal information about customers or employees.


The FTC declined to identify the companies or organizations involved, but said they were both "private and public entities, including schools and local governments."


The companies and organizations ranged in size from "businesses with as few as eight employees to publicly held corporations employing tens of thousands," the FTC said in a statement.


It said sensitive data about customers and employees had been shared from the computer networks of the companies and organizations and made available on Internet peer-to-peer (P2P) file-sharing networks.


The information was accessible to "any users of those networks, who could use it to commit identity theft or fraud," the FTC said.


"Unfortunately, companies and institutions of all sizes are vulnerable to serious P2P-related breaches, placing consumers' sensitive information at risk," FTC chairman Jon Leibowitz said.


"For example, we found health-related information, financial records, and drivers' license and social security numbers -- the kind of information that could lead to identity theft," Leibowitz said.


"Companies should take a hard look at their systems to ensure that there are no unauthorized P2P file-sharing programs and that authorized programs are properly configured and secure," he said.


"Just as important, companies that distribute P2P programs, for their part, should ensure that their software design does not contribute to inadvertent file sharing," he added.


P2P file-sharing software is used in a variety of ways including for playing games, making online telephone calls or sharing music, video and documents.


The FTC, in the notification letters to the companies and organizations, urged them to review their security practices "to ensure that they are reasonable, appropriate, and in compliance with the law.


"It is your responsibility to protect such information from unauthorized access, including taking steps to control the use of P2P software on your own networks and those of your service providers," the letters stated.
