The FTC declined to identify the companies or organizations involved, but said they were both "private and public entities, including schools and local governments."
The companies and organizations ranged in size from "businesses with as few as eight employees to publicly held corporations employing tens of thousands," the FTC said in a statement.
It said sensitive data about customers and employees had been shared from the computer networks of the companies and organizations and made available on Internet peer-to-peer (P2P) file-sharing networks.
The information was accessible to "any users of those networks, who could use it to commit identity theft or fraud," the FTC said.
"Unfortunately, companies and institutions of all sizes are vulnerable to serious P2P-related breaches, placing consumers' sensitive information at risk," FTC chairman Jon Leibowitz said.
"For example, we found health-related information, financial records, and drivers' license and social security numbers -- the kind of information that could lead to identity theft," Leibowitz said.
Skeptical Debunker on 25 Feb 10Simply joining a few groups at social networking sites may reveal enough information for hackers to personally identify you, according to some recent computer science research. In a paper that will be presented at a security conference later this year, an international team of academics describes how they were able to build membership sets using information that social networking sites make available to the public, and then leverage an existing attack on browsing history to check for personal identity. That information, they argue, can then be combined with other data to create further security risks, such as a personalized phishing attack.
