Point-of-Sale System Bought On eBay Yields Treasure Trove of Private Data 68
jfruh writes: Point-of-sale systems aren't cheap, so it's not unusual for smaller merchants to buy used terminals second-hand. An HP security researcher bought one such unit on eBay to see what a used POS system will get you, and what he found was disturbing: default passwords, a security flaw, and names, addresses, and social security numbers of employees of the terminal's previous owner.
meh, they're retail workers (Score:2, Insightful)
These are restaurant/retail workers. Society has already s*** all over them, so they shouldn't be surprised this happens to them.
Serious note: Small businesses (such as Target, or New York City) aren't good at data security.
Re:I hope this surprises no one,.. (Score:4, Insightful)
When someone goes out of business and liquidates (is forced to liquidate) their capital assets, they're not going to give a crap about what data might be left on these devices.
Small business owners (Score:5, Insightful)
I bet 90% of all small businesses still have no real clue data security and about the amount of data their printers, cash registers,.. still contain.
As someone who has spent many years consulting to small businesses I can tell you that you are being too conservative. 99% is probably closer to the mark. Nearly all small business owners are clueless regarding data security and frankly don't really have the time to worry about it either. Running a small business is a hugely time consuming endeavor and dealing the the nuances of data security is a luxury most do not have time for. Shoot, you'd be terrified at how many of them don't even bother to back up key data like their accounting software.
I run a small business myself and while I'm more aware than most about our security I don't really have time to deal with all of it. At some point you sometimes simply have to live with a certain level of risk until you have the resources to address things properly.