
P2P Leads to Major Leak at Citigroup Unit

ABN Amro employee exposes personal data on 5,000 mortgagees by installing BearShare

In another instance of security leaks caused by peer-to-peer file sharing software, Citigroup's ABN Amro mortgage unit Friday reported that a former employee has exposed three spreadsheets containing more than 5,000 Social Security numbers and other personal details about customers.

Tiversa, a Pittsburgh company that offers data-leakage protection services, traced the origins of the ABN data to a Florida computer with the BearShare software installed, according to a report.

BearShare, LimeWire, and scores of other peer-to-peer (P2P) programs are designed to distribute and find songs, movies, and other files over the Gnutella file-sharing network. Several other P2P-related data leaks have been reported this year, including the loss of some 17,000 names and Social Security numbers at Pfizer. (See Pfizer Falls Victim to P2P Hack.)

Tiversa Chief Executive Robert Boback said Tiversa had yet to perform a full analysis to see how far the data had spread worldwide, but found evidence the files already had moved beyond the former employee's computer.

"There is no question in my mind that... identity thieves have these files, and if they haven't already, they will be acting on them very soon," Boback said Friday. Tiversa was investigating the breach on behalf of a reporter for Dow Jones Newswires, which reported on the leakage earlier.

Boback said more than 1 billion searches are conducted daily over peer-to-peer systems. A good number involve bank names, the word "password," and other terms that appear to be attempts by would-be thieves to dig up other people's sensitive documents, he said.

Citigroup says it's investigating the leak.

— Tim Wilson, Site Editor, Dark Reading
