More p2p fiascos
Rian from RedTeam Protection, a division of Tony Josephs and Sons Investigations Inc., just sent me another batch of p2p cockups that exposed personal — and in some cases — sensitive medical — information. In each case, RedTeam advised the entity and/or helped ensure removal of the filesharing application. Some of these breaches are more security-related than privacy-related, but they’re all reminders of the risks. What a shame that most of these never seem to get reported to states so that they can be included in our chronologies and databases. RedTeam doesn’t reveal the names of the entities, however, and treats all of their findings as confidential.
An employee of a Virginia based family counseling corporation, leaked out 1,698 files onto the gnutella file sharing network. These documents included Individualized Service Plans, which included psychological evaluations, Medicaid numbers, social security numbers, and dates of birth.
The administrator of a California based treatment home, leaked 1,632 business documents onto the gnutella P2P network, including Individualized Service Plans, including dates of birth, complete medical histories, and
health insurance numbers.
The owner of a California based music studio, published 2,436 business related files onto the gnutella file sharing network. The files included personal contact information and signatures of well known musicians.
An executive at a United Arab Emirates based insurance provider, made publicly assessable 2,435 business related documents, including insurance numbers, scanned certificates, and workers compensation claims.
A Turkish accountant published 6,882 files onto the gnutella file sharing network, which included client balance sheets, account numbers, nondisclosure agreements, confidential merger information, and five years of faxes stored on the accountant’s hard drive.
A family counselor at a Washington, DC based treatment center, made 4,886 files accessible over the gnutella file sharing network. These files included the personal identifiers of juveniles seeking treatment for various behavioral issues, in addition to psychological profiles and emergency contact information.
A facilities manager at a national engineering consultancy published 13,038 files onto the gnutella file sharing network. These files contained confidential security and safety information for an manufacturing plant,
numerous vendor non disclosure agreements and internal correspondence.
A security manager at a Louisiana based chemical plant leaked 107 confidential files onto the gnutella P2P network. These files included bomb threat procedures, internal contact numbers, login names and passwords for the plant security system, contingency management documents and radio frequency assignments.
An employee of a presidential protection unit in Africa, published 2,298 files onto the gnutella file sharing network, including intelligence reports regarding child soldiers and pending investigations.
An executive at an Indonesian airline corporation published 9,263 files onto the gnutella P2P network, including security documents, human resource information and thousands of files relating to internal communications and vendor relations.
The superintendent/former superintendent of a Texas based school district, published 11,884 internal files onto the gnutella files sharing network. These files included confidential correspondence with parents, confidential grade sheets with dates of birth and student ID numbers, and confidential statistics listing grades sorted by demographics such as age and race.
Previous coverage of p2p breaches here.