FTC ticks off dozens of firms over security breaches

Posted by Emma Woollacott

The Federal Trade Commission (FTC) has warned almost 100 organisations that they're making personal information about their customers available to all and sundry.

The problem is the use of peer-to-peer networking, which has made the information available to any users on the offending networks.

"We found health-related information, financial records, and drivers’ license and social security numbers - the kind of information that could lead to identity theft," said FTC Chairman Jon Leibowitz.

"Companies should take a hard look at their systems to ensure that there are no unauthorized P2P file-sharing programs and that authorized programs are properly configured and secure. Just as important, companies that distribute P2P programs, for their part, should ensure that their software design does not contribute to inadvertent file sharing."

The FTC, unsurprisingly, doesn't want ot be loose-tonged itself and won't name the organizations involved. But, it says, they include schools, local government insitutions and corporations with tens of thousands of employees.

It's written to them all, pointing out that "It is your responsibility to protect such information from unauthorized access, including taking steps to control the use of P2P software on your own networks and those of your service providers."

It isn't threatening to prosecute at this stage, although it warns the affected organizations that it has done in the past.

It also recommends that the organizations 'consider' whether to inform affected customers and employees. We don't think many of them will, do you?