Pages

Monday, May 10, 2010

Copier security: The newest LP threat you’ve never heard of

We have become accustomed to hearing about sophisticated hackers attempting to steal credit card, customer and employee information from POS and IT systems. Just a few weeks ago, CBS News ran a piece on copier security. If you haven’t heard about this issue already, prepare to fall out of your seat.

The CBS investigation found that nearly every digital copier built since 2002 contains a hard drive, much like the one on your personal computer. These drives store images of every document copied, scanned, or emailed from the machine.

Most businesses lease copiers and return or resell them after a few years – the practice at every company I’ve ever worked for. CBS went to a warehouse/liquidator and with forensic software downloaded from the internet, similar to EnCase, they were able to obtain documents from each machine. Documents included records from the Buffalo Police Department and Affinity Insurance Company.

It got me to thinking about how many times I’ve copied documents for meetings or watched the local pharmacy, cellular store and even the hospital, copy my ID and other personal records.

But back to the CBS investigation. One of the copiers contained payroll records, including social security numbers. According to a follow-up story, because of medical privacy laws, Affinity was required to then file a breach notification to state and federal regulators and notify all of its clients and anyone who might have ever had information on Affinity copy machines, including current and former employees.

Apparently there is an option available on most copiers to encrypt or erase the data. I’m sure most IT folks can figure out how to wipe the drive (or find a good sledgehammer).

I encourage you to make sure your IT, operations and administration people know about this issue and handle accordingly.

Source: NRF
Source: CBS News

No comments:

Post a Comment