Dump The Porn! Spokeo Has Blown Your Cover
As Criminals Target Elders And Retirees For Fraud And Identity Theft, Several Resources Emerge

CBS News: Data Breaches From Used Copy Machines

Earlier this week, the CBS Evening News broadcast a segment about data breaches via used copy machines. It was good to see this problem highlighted on a national news broadcast. The problem is huge and needs lots of attention.

Regular readers of this blog already know about the issue since I blogged about the used copy machine breach problem over a month ago. CBS News reported this week:

"Nearly every digital copier built since 2002 contains a hard drive - like the one on your personal computer - storing an image of every document copied, scanned, or emailed by the machine. In the process, it's turned an office staple into a digital time-bomb packed with highly-personal or sensitive data... It took [a data expert] just 30 minutes to pull the hard drives out of the copiers. Then, using a forensic software program available for free on the Internet, he ran a scan - downloading tens of thousands of documents in less than 12 hours. The results were stunning: from the sex crimes unit there were detailed domestic violence complaints and a list of wanted sex offenders. On a second machine from the Buffalo Police Narcotics Unit we found a list of targets in a major drug raid."

And, used copy machines are sold to buyers both inside and outside the USA. In my view, progress will be made only when company executives are held accountable for selling used machines that have not been cleansed of sensitive data. Not fines, but jail time.

More importantly, the threat is not from only copy machines but from the broader office equipment liquidation process -- how companies discard used office equipment: servers, routers, desktop computers, laptops, mobile devices, and external storage devices.

The liquidation process is supposed to work like this: a company hires an equipment vendor to buy, transport, and wipe clean the hard drives on the used office equipment it discards. The vendor is supposed to perform all of these tasks; and makes money by reselling the used equipment.

In reality, not all vendors consistently cleanse the equipment they have been contracted to cleanse. And, nobody at the client company checks or audits their performance. It's the dirty little secret nobody within a company wants to discuss. In September 2007, I wrote about a breach via used office equipment liquidation.

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

smith

Hi,Thanks for sharing such a nice article, i had gone through the article which is very nice and in detailed review.
Data breach is now a days common in companies but here the situation is different as it involves the data of large number of people and their confidential details. This could lead to the a awkward situation were that information could be used for various illegal purposes. Such data breaches could be prevented by the data encryption, even if the data is in the hands of a criminal he could not analyze it very easily. for some more information check this link :http://www.eccouncil.org/certification/computer_hacking_forensic_investigator.aspx

Anne

yes. i saw this news in cbs. we must be cautious with this. always remove the hard disk inside the copiers. privacy is very important especially if handling confidential informations.

david swensen

oh my goodness! thanks for sharing this. imagine how many copiers are out there and needs to be cleaned out. this is a serious issue. all of us must be aware of this. this has to be shared.

Bill Garner

Copy Machines, a Security Risk? Yes a HUGE one!

Here is a link to a CBS video dealing with copier and fax machine security. It lasts about 5 minutes, but is very interesting

http://www.cbsnews.com/video/watch/?id=6412572n&tag=api

Cathy Pierre

Is there any tools used to wipe out personal information in the copiers hard drive? I have been using used copier for quite some time now. And I don't want this kind of security threat in my company.

George

Cathy:

To erase/wipe a copier hard drive, check with the manufacturer or start here:

http://bizsecurity.about.com/od/informationsecurity/a/disk_erase.htm

To destroy a hard drive, read this (humor):

http://ivebeenmugged.typepad.com/my_weblog/2007/08/how-to-destroy-.html

Let us know what you decide to do.

George
Editor
http://ivebeenmugged.typepad.com

Anonymous

If someone with bad intentions succeed to put his hands on a copier, I think that he will have much more valuable and accessible data to steal on the desk near to that...the copier is not the problem..

The comments to this entry are closed.