What might have been a minor breach of IT policy at Pfizer last year cascaded into a serious security incident when the personal data of 17,000 employees and former employees leaked onto a peer-to-peer network. Connecticut's state attorney general, concerned that state residents were at risk, launched an investigation. At least one former employee filed a lawsuit against the company.
It all started when the spouse of a Pfizer employee used file-sharing software on a company laptop, presumably to swap music or other content with other P2P users. Unknowingly, the laptop user also exposed 2,300 work files, including those containing sensitive Pfizer employee data--names, Social Security numbers, addresses, and bonus information resident on the laptop.
Pfizer isn't the only company to have its sensitive data exposed in this way. A former employee of ABN Amro Mortgage Group last year exposed spreadsheets with personal data on 5,000 customers from a home computer loaded with the BearShare file-sharing program. And last fall, a terrorist threat assessment of Chicago's transit system, completed by Booz Allen Hamilton under contact to the Federal Transit Administration, surfaced on a P2P network.
An End To Data Leaks
Find out about extrusion-prevention systems that can drop attackers in their tracks.
The problem of business data being leaked onto P2P networks by unsuspecting users isn't new, but it's getting worse. Researchers with the Center for Digital Strategies at Dartmouth College's Tuck School of Business, pointing to a rise in P2P usage and the decentralized nature of P2P networks, have concluded that file sharing is a growing security threat to business. File-sharing programs account for three of the top 10 apps on CNET's Download.com. And it's not just an internal issue; customers and business partners are frequently the sources of P2P data exposure.