Sister CISA CISSP

Jun 17 2008   1:00PM GMT

Losing My Identity At the Drugstore Instant Photo Machine



Posted by: Arian Eigen Heald
Tags:
Data Breaches
Identity theft
Security
Stupid Technology
Tearing My Hair Out

A few days ago I went with my partner to the local drugstore (all the big chains have these machines) to print out a jpeg to send with a card for Father’s Day. The picture was on a thumb drive for easy transport, and I was along to provide technical support (I try to at least appear useful).

Imagine my HORROR when, after plugging in the drive as the machine requested, I saw the machine begin reading everything on the thumb drive, including financial spreadsheets, letters, family photos and lots of confidential stuff. Turns out she was using the same thumb drive she backs up all her critical documents with to transport the photo to the drugstore.

Needless to say, it was too late to recall, and my poor partner could only say, “I didn’t know!” at my yelp of despair. We printed the photo and left, with me mumbling under my breath about what a good column THAT was going to make.

So, how long before some poor minimum wage guy working behind the counter and hacking on weekends says, “Hmmm. Look at all that interesting data along with all those dumb pictures.” There is no warning or indicator on the machines that we should think about what we’re giving away on those thumb drives along with pictures of junior and his new fishing rod. Perhaps they’re assuming we know better. (ROTFL)

More likely, it has not occurred to the designers nor the drugstore management that those machines should only be reading for .jpeg, .tiff, .bmp, .raw and other illustration files, not ALL files. Although the information was not printed, it was acquired. Even if there is no hard drive (which I highly doubt) the files would remain in memory. Where is all that information sitting? Who has access to it? Am I nervous? You betcha.

I can only wonder how long will it be before we get something in the news about these machines.

1  Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Suzanne Wheeler
    [I]I am absolutely horrified.[/I] Regardless of the technical specs of the machine and cycle of data deletion, this is a nightmare. This gives us every reason to shell out $50 for a photo printer and keep the process at home. I cannot begin to express how concerned this makes me.
    360 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: