Companies often fail to adequately secure their FTP sites, leaving it open for any anonymous user to access. Some companies have carelessly posted customer lists and even password files on the outgoing, “public” sections of the site. If “inadequate protection” is found, then your lost proprietary information cannot form the basis of a CFAA or trade secret theft allegation. The courts and the Federal Trade Commission take the view that website privacy statements create an expectation of privacy for the entire company, not just the website.”]
Source: https://www.csoonline.com/article/2117236/secure-ftp—shadow-sites.html