From the National Retail Federation's blog:
Copier security: The newest LP threat you’ve never heard of
By JOE LAROCCA, SENIOR ASSET PROTECTION ADVISOR | Published: MAY 10, 2010
This entry was posted in Loss Prevention, Technology
We have become accustomed to hearing about sophisticated hackers attempting to steal credit card, customer and employee information from POS and IT systems. Just a few weeks ago, CBS News ran a piece on copier security. If you haven’t heard about this issue already, prepare to fall out of your seat.
The CBS investigation found that nearly every digital copier built since 2002 contains a hard drive, much like the one on your personal computer. These drives store images of every document copied, scanned, or emailed from the machine.
Most businesses lease copiers and return or resell them after a few years – the practice at every company I’ve ever worked for. CBS went to a warehouse/liquidator and with forensic software downloaded from the internet, similar to EnCase, they were able to obtain documents from each machine. Documents included records from the Buffalo Police Department and Affinity Insurance Company.
It got me thinking about how many times I’ve copied documents for meetings or watched the local pharmacy, cellular store and even the hospital copy my ID and other personal records.
But back to the CBS investigation. One of the copiers contained payroll records, including social security numbers. According to a follow-up story, because of medical privacy laws, Affinity was required to then file a breach notification to state and federal regulators and notify all of its clients and anyone who might have ever had information on Affinity copy machines, including current and former employees.
I held off on sending this out, thinking it might just be old news. But late last week, in a meeting full of law enforcement and bank investigators, only a handful had even heard of this story. Needless to say it became a topic of discussion. While there was some joy in having a new avenue for evidence collection, most people were concerned. Very concerned.
Apparently there is an option available on most copiers to encrypt or erase the data. I’m sure most IT folks can figure out how to wipe the drive (or find a good sledgehammer).
I encourage you to make sure your IT, operations and administrative people know about this issue and handle accordingly.
Since most people use control cards or credit cards on copiers at places like Kinko's, we are personally connected to what we copy. In addition to the identity protection issues mentioned, the political paranoid in me wonders whether this might one day be used for selective enforcement of copyright law against dissidents.
Rick