The FTC declined to identify the companies or organizations involved, but said they were both "private and public entities, including schools and local governments."
The companies and organizations ranged in size from "businesses with as few as eight employees to publicly held corporations employing tens of thousands," the FTC said in a statement.
It said sensitive data about customers and employees had been shared from the computer networks of the companies and organizations and made available on Internet peer-to-peer (P2P) file-sharing networks.
The information was accessible to "any users of those networks, who could use it to commit identity theft or fraud," the FTC said.
"Unfortunately, companies and institutions of all sizes are vulnerable to serious P2P-related breaches, placing consumers' sensitive information at risk," FTC chairman Jon Leibowitz said.
"For example, we found health-related information, financial records, and drivers' license and social security numbers -- the kind of information that could lead to identity theft," Leibowitz said.