
Personal information on a few thousand ABN AMRO Mortgage Group (a unit of Citigroup) customers has been leaked to anybody in the world through peer-to-peer (P2P) software. The names, Social Security numbers, and mortgage information of some 5,200 people, stored on an employee laptop, were shared via the LimeWire P2P software.

While it is unclear how many times the information was downloaded over the P2P network, the fact that a computer containing a large amount of personal information was allowed to run P2P software is inexcusable. In all likelihood, Citigroup (or ABN AMRO Mortgage) has some sort of restriction (an administrative policy or a set of IT software restrictions) prohibiting P2P sharing in general, and in all likelihood the employee who used the laptop in question did so without authorization. Even so, the problem remains with Citi and its IT security personnel for failing to prevent or detect such software earlier. Placing the blame on the individual user is no excuse, as it is Citi's reputation (and possibly its checkbook, once claims by these 5,200 affected people are filed) that is on the line.

According to Pike & Fischer, in testimony at a July House subcommittee hearing on P2P risks, LimeWire Chairman Mark Gorton said that a "small fraction" of users override safe default settings that come with the program, despite the company’s warnings and precautions. The company is working on a "new generation of user interfaces and tools designed with neophyte users in mind," making it "even easier for users to see which files they are sharing and to intuitively understand the controls available to them," he said.

Even if LimeWire succeeds in preventing users from 'inadvertently' sharing their business document folders, a company that takes its intellectual property, information security, and privacy seriously should, in most cases, take proactive steps to weed out P2P software from its networks.
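"Weeding out P2P software" in practice means two checks that an IT security team can run continuously: an endpoint inventory check for known P2P client processes, and a network check for the Gnutella handshake (the protocol LimeWire speaks) or its default listening port. The script below is an added illustration written for this post, not code from the original article or from any vendor; the executable list, the key=value log layout, the hostnames and the log lines are all constructed assumptions, and the Gnutella handshake string and default TCP port 6346 are the protocol's documented values.

```python
import re
from dataclasses import dataclass

# Assumption: illustrative set of P2P client image names; a real deployment
# would draw this from the organisation's own software inventory and block list.
P2P_EXECUTABLES = {
    "limewire.exe", "frostwire.exe", "bearshare.exe",
    "utorrent.exe", "bittorrent.exe", "emule.exe", "kazaa.exe",
}

# Gnutella (the network LimeWire uses) opens each connection with a plain-text
# handshake and, by default, listens on TCP 6346.
GNUTELLA_HANDSHAKE = re.compile(r"GNUTELLA CONNECT/0\.[46]")
GNUTELLA_DEFAULT_PORT = 6346

# Constructed log layout (assumption): space-separated key=value pairs with a
# quoted payload preview, as a proxy or firewall export might produce.
LOG_LINE = re.compile(
    r'^(?P<ts>\S+) host=(?P<host>\S+) dst=(?P<dst>\S+) '
    r'dport=(?P<dport>\d+) payload="(?P<payload>[^"]*)"$'
)


@dataclass(frozen=True)
class Finding:
    host: str
    source: str   # "inventory" or "network"
    detail: str


def scan_inventory(inventory):
    """inventory: iterable of (hostname, [running process image names])."""
    findings = []
    for host, processes in inventory:
        for image in processes:
            if image.lower() in P2P_EXECUTABLES:
                findings.append(Finding(host, "inventory", f"P2P client running: {image}"))
    return findings


def scan_network_log(lines):
    """Flag outbound connections that look like Gnutella, by handshake or by default port."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # unexpected layout: skip rather than guess at fields
        host, dst, dport, payload = m["host"], m["dst"], int(m["dport"]), m["payload"]
        if GNUTELLA_HANDSHAKE.search(payload):
            findings.append(Finding(host, "network", f"Gnutella handshake to {dst}:{dport}"))
        elif dport == GNUTELLA_DEFAULT_PORT:
            # Weaker signal: port alone, no payload seen. Still worth a look.
            findings.append(Finding(host, "network", f"connection to Gnutella default port on {dst}"))
    return findings


# Constructed sample data (hostnames, addresses and timestamps are made up).
SAMPLE_INVENTORY = [
    ("MORTGAGE-LT-17", ["outlook.exe", "LimeWire.exe", "winword.exe"]),
    ("MORTGAGE-LT-18", ["outlook.exe", "excel.exe"]),
]

SAMPLE_LOG = [
    '2007-10-03T14:02:11 host=MORTGAGE-LT-17 dst=203.0.113.5 dport=6346 payload="GNUTELLA CONNECT/0.6"',
    '2007-10-03T14:02:12 host=MORTGAGE-LT-18 dst=203.0.113.9 dport=443 payload=""',
    '2007-10-03T14:02:13 host=MORTGAGE-LT-19 dst=198.51.100.2 dport=6346 payload=""',
    'malformed line that the parser should ignore',
]


def run_sample():
    """Run both checks over the constructed data and return the combined findings."""
    return scan_inventory(SAMPLE_INVENTORY) + scan_network_log(SAMPLE_LOG)


if __name__ == "__main__":
    for f in run_sample():
        print(f"{f.host}: [{f.source}] {f.detail}")
```

The two checks complement each other: the inventory check catches a client that is installed but idle, while the network check catches a client that was renamed or run from a USB stick. Port-only hits are reported separately from handshake hits because Gnutella clients can be configured to use other ports and unrelated services can sit on 6346, so the handshake is the signal to act on and the port is the one to investigate.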

2 Responses to “P2P Software Causes Security Breach”

  • notquite, 4 October 2007

    This post needlessly demonizes P2P applications: "tak[ing] proactive steps to weed out P2P software from its networks" necessarily involves removing the operating system, among other everyday applications, hardly what would solve the problem. The described breach is technologically indistinguishable from putting the wrong files on the company's public web server or setting 'sharing' settings on an intranet. While particular mp3-centric P2P programs do facilitate filesharing, so do many legitimate office applications and networking programs. The problem here is that entire data sets with no encryption/de-identification were copied to a laptop rather than securely stored with access/replication restrictions. Dumb/non-existent security is the problem, not "evil" software.

  • limewire » P2P Software Causes Security Breach, 23 October 2007

    [...] Read the rest of this great post here [...]
