Blogs » Digital Babble » File-sharing program exposes Supreme Court Justice data

Subscribe


Image The file-sharing program Limewire was installed on a computer at McWagner Resource group, exposing the private files of the agency to the public.

According to a report from the Washington Post, an employee of McWagner Resource Group, which is located in McLean, Virginia, had installed the program Limewire on his computer. Limewire is a peer-to-peer (P2P) file sharing program, that allows users to share and download music, movies, and other data files.

By running the program on a company computer, the employee exposed the names, dates of birth and Social Security numbers of about 2,000 of the firm's clients, including high-powered lawyers and Supreme Court Justice Stephen G. Breyer.

The data breach went on for about six months before it was discovered in June by a reader of the washingtonpost .com's blog, Security Fix.

The agency hired the company Tiversa to contain the security breach. Robert Boback, Tiversa's chief executive, told the Washington Post that "these breaches are common since many employees and contractors install file-sharing software on office computers."

Boback also said that many users of these programs don't  realize these file sharing programs may allow all files on the user's computer to be shared, not just music and movie files.

washingtonpost.com

"This case is unique because of the high profile of the targets. The individuals on this list are at a very high risk, almost imminent, of identity theft," Boback said.

More than a dozen LimeWire members, including some in Sri Lanka and Colombia, downloaded the personal records from Wagner, according to Tiversa officials.

"To me, this was devastating," said Phylyp Wagner, founder of the investment firm. "I didn't even know what peer-to-peer was. I do now."

...

"This may explain why two weeks ago I got a $9,000 cellphone bill from AT&T," said Steven Agresta, a partner with the law firm Alston & Bird. Someone had opened a phone account using his date of birth and Social Security number, but with a different address.


 

Here's a tip, if you have access to sensitive information, don't install P2P programs on your work computers!  Most companies do not allow employees to install these type of file-sharing programs anyway.

If you do choose to install P2P to download the latest High School Musical single, or whatever your needs may be, make sure you take the time to configure the program to share the folders that you want others to access.