WASHINGTON — Sometime late last year, an employee of a McLean, Va., investment firm decided to trade some music, or maybe a movie, with like- minded users of the online file-sharing network Lime Wire while using a company computer. In doing so, he inadvertently opened the private files of his firm, Wagner Resource Group, to the public.
That exposed the names, dates of birth and Social Security numbers of about 2,000 of the firm’s clients, including a number of high-powered lawyers and Supreme Court Justice Stephen Breyer.
The breach was not discovered for nearly six months. A reader of ‘s Security Fix blog found the information while searching LimeWire in June.
Services such as LimeWire, known as peer-to-peer networks, link computers directly, allowing users to swap digital movies, music and files. What users may not be aware of is that the software may be configured to allow access to a user’s documents.
Robert Boback, chief executive of Tiversa, the company hired by Wagner to help contain the data breach, said such breaches are hardly rare. About 40 percent to 60 percent of all data leaks take place outside a company’s secured network, usually as a result of file-sharing software.
“We’ve seen a lot of instances where a company will be working on a product that’s not even released yet, and the diagrams . . . are already out on the Net,” Boback said.
