P2P file sharing may be 2008’s greatest identity theft threat

According to the Identity Theft Assistance Center, a national non-profit coalition dedicated to protecting consumers from identity theft, throughout 2008 “criminals will continue to exploit new technologies to commit identity theft.” At the top of their list of “major event’ security breaches from 2007 is a case involving a peer-to-peer (P2P) file sharing network.

Similarly, the SANS Institute has identified P2P file sharing applications as one of the most crucial internet security vulnerabilities. Associated Press recently reported that “more than 1 billion searches are conducted daily over peer-to-peer systems. A good number involved bank names, the word “password” and other terms that appear to be attempts by would-be thieves to dig up other people’s sensitive documents.”

Kids & Digital Content reports that 70 percent of kids ages 9 through 14 are downloading digital music. The NPD Group has stated, “high levels of illegal P2P file sharing” are attributed as the source of those downloads.

While companies are educating employees on the dangers of P2P applications, people continue to use them at work and at home, often believing that their firewall and antivirus software will protect them. But, these traditional security products simply cannot protect against inadvertent disclosure or sophisticated attackers.

Todd Feinman, CEO of Identity Finder says:

Despite the severe risk of using P2P networks, their popularity is on the rise. Millions of Americans use file sharing to download music, movies, and games over the Internet, but don’t realize they’re inadvertently letting strangers download their own, their colleagues–or, in the case of tweens, their parents’—financial, tax return, and personal files.

Below are three examples of 2007’s “major events’ involving file sharing.

November, 2007 – Thirty-five year old Seattle man pleads guilty to using P2P file sharing programs to access the computers of victims and steal their personal information from tax returns, credit reports, bank statements and student financial aid applications.

September, 2007 – Over 5,000 social security numbers and other personal information on customers of Citigroup’s ABN Amro Mortgage Group were exposed over a P2P file sharing network. A former business analyst joined a file sharing network where people share music and video. Work-related information that she had downloaded onto her personal computer was inadvertently shared.

June, 2007 – Over 17,000 social security numbers of current and former Pfizer employees were exposed by a laptop owned by Pfizer and used by an employee. The employee’s spouse used a P2P file sharing program and inadvertently shared documents containing the personal information.