This weekend I came across this report that a printing company called PIP had a breach and leaked thousands of sensible documents it had passed through them. Immediately reminded me of this article Bruce Scheneier published in his blog earlier this year about a 2011 report from the National Archives and Records Administration:
- NARA lacks appropriate controls to ensure all photocopiers across the agency are accounted for and that any hard drives residing on these machines are tracked and properly sanitized or destroyed prior to disposal.
- There are no policies documenting security measures to be taken for photocopiers utilized for general use nor are there procedures to ensure photocopier hard drives are sanitized or destroyed prior to disposal or at the end of the lease term.
- Photocopier lease agreements and contracts do not include a “keep disk”1 or similar clause as required by NARA’s IT Security Methodology for Media Protection Policy version 5.1.
Yep, it seems it’s gonna be a long year with thousands of people trying to exploit their local copy companies…
