In an announcement made Monday, the Federal Trade Commission revealed that personal information, including sensitive data about customers and/or employees, has been shared from the organizations’ computer networks and is available on peer-to-peer file-sharing networks. The Commission goes on to say that any users of those could use the information to commit identity theft or fraud.
The organizations involved include both private and public entities, including schools and local governments. These entities range in size from businesses with as few as eight employees to publicly held corporations employing tens of thousands.
The FTC has urged the affected organizations to review their security practices and, if appropriate, the practices of contractors and vendors, to ensure that they are reasonable, appropriate, and in compliance with the law.
“It is your responsibility to protect such information from unauthorized access, including taking steps to control the use of P2P software on your own networks and those of your service providers.”
Check out the full announcement from the FTC here. A sample of the letters sent can be seen here (PDF). Screen grabs below for those of you with a distaste for PDF links (welcome to the club).