US workers warned of ID theft risk

23 Feb 2010

Thousands of workers in the US may be at risk of identity fraud following the identification of nearly 100 companies and organisations that had failed to protect employee data.

The US Federal Trade Commission (FTC) confirmed that both "private and public entities, including schools and local governments" had been notified of data breaches which have resulted in personal information such as health reports and financial records being made readily available on the internet.

The commission said that the severity of the breaches and the amount of information made available through peer-to-peer (P2P) networks means "tens of thousands" of employees could be at risk of identity fraud.

The information was accessible to "any users of those networks, who could use it to commit identity theft or fraud," the FTC said.

FTC chairman Jon Leibowitz said: "Unfortunately, companies and institutions of all sizes are vulnerable to serious P2P-related breaches, placing consumers' sensitive information at risk.

"For example, we found health-related information, financial records, and driver's licence and social security numbers - the kind of information that could lead to identity theft.

Mr Leibowitz said the scale of the breaches should act as a wake-up call to other firms and organisations that are responsible for the safe storage of personal data.

"Companies should take a hard look at their systems to ensure that there are no unauthorised P2P file-sharing programs and that authorised programs are properly configured and secure," he added.