CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
July 10th, 2008

Investment Firm Clients Personal Data Exposed Over P2P Networks

The Alexandria, Va.-based investment firm last week had to notify about 2,000 of its clients that their names, Social Security numbers and birthdates had potentially been exposed on the LimeWire P2P network, according to a story published Wednesday by The Washington Post. Among the individuals whose personal data was exposed in the Wagner compromise was Supreme Court Justice Stephen Breyer. The leak wasn’t discovered until last month, when one of its online readers found the data about Wagner’s clients while using the LimeWire network.

Wagner didn’t immediately respond to a request for comment about the incident. But the Post reported that the compromise resulted from the use of LimeWire’s file-sharing software by a Wagner employee. The employee apparently downloaded the software to his company-issued PC last year, so he could share music and other media files with fellow LimeWire users. But the software ended up exposing all of the contents on the employee’s computer to other users of the P2P network.

The P2P software offered on networks such as LimeWire and Kazaa is designed to help users easily share media files, and to aid them in finding files on the computers of other users. The problem is that if P2P users aren’t careful, the software can expose not just the media files they want to share but almost everything else on their computers.

Numerous organizations have suffered data leaks as a result of such carelessness. Last year, for instance, the personal data of about 17,000 Pfizer employees was exposed after an employee installed unauthorized P2P software on her laptop. And at a Senate hearing last year, lawmakers heard testimony from several witnesses about the abundance of classified government and military documents as well as corporate data freely available on P2P networks.

The data said to be available included a full diagram of the Pentagon’s secret backbone network infrastructure, complete with IP addresses and password-change scripts; contractor data on radio-frequency manipulation techniques for dealing with improvised explosive devices in Iraq; the complete minutes of a board meeting held at a large financial services company; and the detailed launch plan of a start-up company, complete with growth targets and other business forecasts.

Share this item with others:

More on CyberInsecure:
  • Coos County Accounting Firm Stolen Laptop Contained Personal Information
  • Bank Of NY Mellon Corporation Loses Clients Details Backup Tapes
  • Sensitive Federal Data Leaked Through P2P File Sharing
  • Interbank FX Customers Data Exposed For Almost A Year
  • Web Security Provider Barracuda Networks Attacked, Sensitive Data Exposed

    • Posted in Breaches And Incidents, Privacy | Print This Post Print This Post

    This entry was posted on Thursday, July 10th, 2008 at 2:50 am and is filed under Breaches And Incidents, Privacy. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Investment Firm Clients Personal Data Exposed Over P2P Networks

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
    Click to hear an audio file of the anti-spam word

    « «
    » »