Point-of-Sale System Bought On eBay Yields Treasure Trove of Private Data 68
jfruh writes: Point-of-sale systems aren't cheap, so it's not unusual for smaller merchants to buy used terminals second-hand. An HP security researcher bought one such unit on eBay to see what a used POS system will get you, and what he found was disturbing: default passwords, a security flaw, and names, addresses, and social security numbers of employees of the terminal's previous owner.
I hope this surprises no one,.. (Score:5, Interesting)
I bet 90% of all small businesses still have no real clue data security and about the amount of data their printers, cash registers,.. still contain.
Re:I hope this surprises no one,.. (Score:5, Interesting)
By that reasoning if the restaurant supply reclamation company instead found equipment contaminated with bacteria, and sold the equipment, and people got sick and died from it, they likewise wouldn't have any responsibility. Equipment that poses a threat to people because it spreads private data is not really all that different from equipment that poses a threat because it spreads disease.
(Which is not to say that it's legally the same, of course.)