Sign in with
Sign up | Sign in

FTC Warns 100 Organizations of Data Breaches

By - Source: Tom's Hardware US | B 10 comments
Tags :

The FTC yesterday said that it had notified just under 100 organizations thought to be affected by a widespread data breach.

In an announcement made Monday, the Federal Trade Commission revealed that personal information, including sensitive data about customers and/or employees, has been shared from the organizations’ computer networks and is available on peer-to-peer file-sharing networks. The Commission goes on to say that any users of those could use the information to commit identity theft or fraud.

The organizations involved include both private and public entities, including schools and local governments. These entities range in size from businesses with as few as eight employees to publicly held corporations employing tens of thousands.

The FTC has urged the affected organizations to review their security practices and, if appropriate, the practices of contractors and vendors, to ensure that they are reasonable, appropriate, and in compliance with the law.

“It is your responsibility to protect such information from unauthorized access, including taking steps to control the use of P2P software on your own networks and those of your service providers.”

Check out the full announcement from the FTC here. A sample of the letters sent can be seen here (PDF). Screen grabs below for those of you with a distaste for PDF links (welcome to the club).

Discuss
Ask a Category Expert

Create a new thread in the News comments forum about this subject

Example: Notebook, Android, SSD hard drive

This thread is closed for comments
Top Comments
  • 12 Hide
    redplanet_returns , February 23, 2010 4:09 PM
    enderwiggenGet people to stop using 12345 or password as their password would be a nice start.


    and password as a password is not a password!
  • 12 Hide
    enderwiggen , February 23, 2010 4:00 PM
    Get people to stop using 12345 or password as their password would be a nice start.
  • 10 Hide
    muffins , February 23, 2010 4:47 PM
    12345? thats amazing, I've got the same combination on my luggage!
Other Comments
    Display all 10 comments.
  • 0 Hide
    JohnnyLucky , February 23, 2010 3:48 PM
    Does a week go by without news of some sort of security breach or hacking? It starting to sound as if it is business as usual. is there nothing that can be done to stop it?
  • 12 Hide
    enderwiggen , February 23, 2010 4:00 PM
    Get people to stop using 12345 or password as their password would be a nice start.
  • 12 Hide
    redplanet_returns , February 23, 2010 4:09 PM
    enderwiggenGet people to stop using 12345 or password as their password would be a nice start.


    and password as a password is not a password!
  • 4 Hide
    batkerson , February 23, 2010 4:41 PM
    The first thing anyone should do is remove the "admin" or "administrator" user name and replace it with something difficult that is unrelated to the business or to the word "administrator". (e.g., "boss" is not a good replacement). I'm constantly amazed how many companies, not to mention people, leave the "admin" user as "admin". That's getting the would-be hacker half way to breaching your security.
    My 2 cents. . .
  • 10 Hide
    muffins , February 23, 2010 4:47 PM
    12345? thats amazing, I've got the same combination on my luggage!
  • 1 Hide
    dmoney_07 , February 23, 2010 5:27 PM
    What's with all the comments about username/password complexity. Security breaches are usually the result of a software exploit. Even with complex credentials, anit-virus software, host intrusion protection, network intrusion protection, or any other security solutions there will still be breaches. The reason for the increase in security breaches is just a reflection of the times. Criminals have found that stealing protected confidential information is a nice way to make a profit.
  • 6 Hide
    babybeluga , February 23, 2010 6:28 PM
    redplanet_returnsand password as a password is not a password!


    password12345, noob. You have to combine letters and numbers now!
  • 0 Hide
    Shadow703793 , February 23, 2010 9:43 PM
    lol, now call me paranoid eh? My passwords consist of 5 numbers 5 symbols and 7 letters (not a real word :p  ). And has password attempt limitations :D . And I never use the same password for everything either.
  • 0 Hide
    CoderDunn , February 23, 2010 11:57 PM
    muffins12345? thats amazing, I've got the same combination on my luggage!


    lmao Mel Brook's Space Balls, I love that movie

    "They've gone plaid!"
  • 0 Hide
    neiroatopelcc , February 24, 2010 11:38 AM
    JohnnyLuckyDoes a week go by without news of some sort of security breach or hacking? It starting to sound as if it is business as usual. is there nothing that can be done to stop it?

    Sure. Educate the users would be a start. But it's not that simple in reality. It costs money to create security, and it costs more to maintain it. On top of that it requires some amount of attention from the users, which at worst won't even want to know anything about it.
    So there are two major obstacles with security. 1) people can't be bothered (it is a complex subject and even more so to untrained personnel) and 2) it costs money and doesn't generate any. My boss (IT boss in a company with approx 450 employees and a bit over 20.000 people passing thru the oracle database every year) has the stance that security must not cost more than it does not to have it. In other words we don't want data redundancy if it costs more than downtime would, and we don't need more network security than the estimated worth of what's accessible. And in fact most of our security systems are focused on keeping our own users out of the system where possible, but not nessecarily stop virus outbreaks or outside interference.

    Anyhow, these letters here are sent to companies running p2p software right? that means companies where the users have installed and are running such software knowingly. You can't protect against that except by designing your internal policies so or remove the users who do it. No matter the firewall and protocol inspectors you cannot block people from using p2p. They could essentially just run their p2p trafic thru an encrypted proxy like internet cloaker. You can never protect against employees or customers who knowingly and willingly attempt to circumvent or disregard security. You can only be reactive to those events.