FTC sends file sharing warning letters

America's Federal Trade Commission has sent scary letters to close to 100 organisations warning them that personal information inclding some sensitive data has been leaked into the public domain through careless use of peer to peer (P2P) file sharing services.

The letters point out that customer and employee information, which could be used to commit fraud, is routinely being shared, most likely by employees who don't understand the implications of seeding folders full of data to file sharing networks.

"Unfortunately, companies and institutions of all sizes are vulnerable to serious P2P-related breaches, placing consumers’ sensitive information at risk. For example, we found health-related information, financial records, and drivers' license and social security numbers - the kind of information that could lead to identity theft," said FTC Chairman Jon Leibowitz."

P2P software - which is used legitimately to share software updates and data, and not so legitimately to pirate music, games and videos - commonly sets public folders as containing shared information by default.

"Companies should take a hard look at their systems to ensure that there are no unauthorized P2P file-sharing programmes and that authorised programmes are properly configured and secure. Just as important, companies that distribute P2P programs, for their part, should ensure that their software design does not contribute to inadvertent file sharing."

The letters were sent to both public and private entities including schools and companies with thousands of employees.

The FTC made it clear that it was not suggesting that anyone was breaking the law, but just wanted individuals and companies to be aware of P2P pitfalls.