Printing Company Leaks Sensitive Customer Data
The majority of 400+ GB server is dedicated to design files and images relating to the printing business. The most sensitive information is contained within the “Outlook archives” and “Scans” folders. These contain around 50+GB of scanned documents relating to court cases, medical records, well known companies, and celebrities. There is an archive of correspondence where company's clients ask managers to make copies of the attached documents. This archive contains more than 2,200 messages and some of them have credit card numbers and billing details in plain text.
PIP Printing and Marketing Services, a printing and design company, is an award winning printing and production company that has franchise locations all over the US and ranks among Entrepreneur Franchise 500.
This is just another example of how digital our lives have become and even something as simple as printing documents can expose customers’ sensitive data. MacKeeper Security recommends that any company who receives and stores sensitive customer data take every possible step to secure and protect it.
Among sensitive data: documents of former American professional football players, with data included NFL retirement info, Social Security Number,s and some medical information; thousands of confidential files of Larry Flynt’s Hustler Hollywood retail stores. The files date back as far as 2010 and include HR documentation, internal investigations, sales numbers, goals, and profit and loss statements for each store.
Once again shows us the dangers of any company big or small not properly securing their data online. Leaks can be more than just embarrassing when they expose expose confidential store sales data and internal communications.
The information discovered by the MacKeeper Security Research Center was publically available and no password is needed to access the data.
First, it appeared on our radar back in late October 2016. Despite our attempts to notify the printing company, our calls and emails were never addressed seriously. We also recorded a call with receptionist who was acting weird and not willing to transfer the information further.
We are thankful to Tom Spring of Threatpost who assisted in this case and conducted his own investigation. See more details by following his story on Threatpost: https://threatpost.com/printing-and-marketing-firm-leaks-high-profile-customers-data/123530/