The US Federal Trade Commission (FTC) has warned nearly 100 companies and government departments that they could be affected by a serious data breach that has emerged on a peer-to-peer (P2P) network.
The FTC has written to the organisations, which range from school authorities and local government departments through to large scale enterprises, after it was discovered that sensitive information was being distributed over P2P networks.
P2P networks are widely used to transfer files between computers but, because of their automatic nature, users are often unaware as to when another P2P user is downloading a file from their PC. It is believed that the breach has arisen due to computers which were not correctly configured, potentially due to a lack of a firewall or other traffic monitoring software.
“Unfortunately, companies and institutions of all sizes are vulnerable to serious P2P-related breaches, placing consumers’ sensitive information at risk,” said Jon Leibowitz, chairman of the FTC.
“Companies should take a hard look at their systems to ensure that there are no unauthorized P2P file-sharing programs and that authorized programs are properly configured and secure.”
As well as notifying companies of the breach, the FTC is also planning to launch a new education campaign aimed at helping companies secure systems for P2P connections but have reiterated that IT security, as well as compliance with data privacy laws remains the responsibility of the companies involved.
“It is your responsibility to protect such information from unauthorized access, including taking steps to control the use of P2P software on your own networks and those of your service providers,” the commission warned.