CBS News: Data Breaches From Used Copy Machines
Friday, April 23, 2010
Earlier this week, the CBS Evening News broadcast a segment about data breaches via used copy machines. It was good to see this problem highlighted on a national news broadcast. The problem is huge and needs lots of attention.
Regular readers of this blog already know about the issue since I blogged about the used copy machine breach problem over a month ago. CBS News reported this week:
"Nearly every digital copier built since 2002 contains a hard drive - like the one on your personal computer - storing an image of every document copied, scanned, or emailed by the machine. In the process, it's turned an office staple into a digital time-bomb packed with highly-personal or sensitive data... It took [a data expert] just 30 minutes to pull the hard drives out of the copiers. Then, using a forensic software program available for free on the Internet, he ran a scan - downloading tens of thousands of documents in less than 12 hours. The results were stunning: from the sex crimes unit there were detailed domestic violence complaints and a list of wanted sex offenders. On a second machine from the Buffalo Police Narcotics Unit we found a list of targets in a major drug raid."
And, used copy machines are sold to buyers both inside and outside the USA. In my view, progress will be made only when company executives are held accountable for selling used machines that have not been cleansed of sensitive data. Not fines, but jail time.
More importantly, the threat is not from only copy machines but from the broader office equipment liquidation process -- how companies discard used office equipment: servers, routers, desktop computers, laptops, mobile devices, and external storage devices.
The liquidation process is supposed to work like this: a company hires an equipment vendor to buy, transport, and wipe clean the hard drives on the used office equipment it discards. The vendor is supposed to perform all of these tasks; and makes money by reselling the used equipment.
In reality, not all vendors consistently cleanse the equipment they have been contracted to cleanse. And, nobody at the client company checks or audits their performance. It's the dirty little secret nobody within a company wants to discuss. In September 2007, I wrote about a breach via used office equipment liquidation.
Hi,Thanks for sharing such a nice article, i had gone through the article which is very nice and in detailed review.
Data breach is now a days common in companies but here the situation is different as it involves the data of large number of people and their confidential details. This could lead to the a awkward situation were that information could be used for various illegal purposes. Such data breaches could be prevented by the data encryption, even if the data is in the hands of a criminal he could not analyze it very easily. for some more information check this link :http://www.eccouncil.org/certification/computer_hacking_forensic_investigator.aspx
Posted by: smith | Monday, April 26, 2010 at 03:26 AM
yes. i saw this news in cbs. we must be cautious with this. always remove the hard disk inside the copiers. privacy is very important especially if handling confidential informations.
Posted by: Anne | Tuesday, April 27, 2010 at 12:56 AM
oh my goodness! thanks for sharing this. imagine how many copiers are out there and needs to be cleaned out. this is a serious issue. all of us must be aware of this. this has to be shared.
Posted by: david swensen | Tuesday, April 27, 2010 at 01:50 AM
Copy Machines, a Security Risk? Yes a HUGE one!
Here is a link to a CBS video dealing with copier and fax machine security. It lasts about 5 minutes, but is very interesting
http://www.cbsnews.com/video/watch/?id=6412572n&tag=api
Posted by: Bill Garner | Wednesday, May 12, 2010 at 03:27 PM
Is there any tools used to wipe out personal information in the copiers hard drive? I have been using used copier for quite some time now. And I don't want this kind of security threat in my company.
Posted by: Cathy Pierre | Wednesday, July 21, 2010 at 12:14 PM
Cathy:
To erase/wipe a copier hard drive, check with the manufacturer or start here:
http://bizsecurity.about.com/od/informationsecurity/a/disk_erase.htm
To destroy a hard drive, read this (humor):
http://ivebeenmugged.typepad.com/my_weblog/2007/08/how-to-destroy-.html
Let us know what you decide to do.
George
Editor
http://ivebeenmugged.typepad.com
Posted by: George | Wednesday, July 21, 2010 at 01:36 PM
If someone with bad intentions succeed to put his hands on a copier, I think that he will have much more valuable and accessible data to steal on the desk near to that...the copier is not the problem..
Posted by: Anonymous | Thursday, July 22, 2010 at 12:28 PM