Ricoh Australia is investigating an incident that exposed internal documents related to its multifunction devices online, reportedly affecting customers including banks and government departments.
The vendor notified its customers, informing them that documents known as run-up guides had potentially been exposed.
"Last week we uncovered a potential security risk affecting a small number of our customers in Australia. During the period 25 May to 11 July, Ricoh run-up guides, which are internal documents used by Ricoh field service engineers to setup new multi-function printers (MFPs), could have been seen by individuals outside of Ricoh," a Ricoh Australia spokesperson said.
"We immediately alerted all the affected customers, and have provided them each with a complete post-incident report detailing the information that was potentially exposed. A specialist team are currently working with these customers on deploying corrective action plans and are confident that appropriate measures will be in place for all affected customers over the next few days.
"Further, we are undertaking a thorough investigation of our protocols – locally and globally – to ensure we are advising customers on best practices to maintain secure, encrypted information effectively and consistently each and every time."
The incident was first reported on US security blog Data Breach Today, which said customers affected included the Australian Signals Directorate, the Civil Aviation Safety Authority, Australian Federal Police, Defence Science and Technology, Queensland Rail, ACT Government, NT Government, Deakin University, Charles Sturt University, Commonwealth Bank, NAB, IBM and insurer Arthur J. Gallagher.
The risk of damage was reportedly low. Run-up guides typically do not contain user credentials or sensitive data. And control of multifunction devices would remain limited to a business' internal network.
A Commonwealth Bank spokesperson told Data Breach Today: “None of our systems have been compromised in any way as a result of this disclosure”.
-1.jpg&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
