Slashdot Mirror
Huge Trove of Employee Records Discovered At Abandoned Toys 'R' Us (hackaday.com)
An anonymous reader writes: Hackaday recently engaged in a bit of urban exploration, taking a look inside of a recently purchased Toys "R" Us location that has been boarded up since the once giant toy store chain folded in June. Inside they found plenty of hardware left behind, from point-of-sale systems to the Cisco networking gear in the server room. But the most interesting find was on paper.
In a back office, they found "several boxes" of personal information about the store's employees, from their medical records to photocopies of their driver's licenses and Social Security cards [and also tax forms]. A video included with the article gives the viewer an impression of just how large a collection of files were left behind.
The author wonders if the situation in this particular store was a fluke, or if the other [800] Toys "R" Us locations were left in a similar state.
The article calls it "a very surprising look at what get's left behind when the money runs out and the employees simply give up...."
"We saw the great lengths the company went to protect customer information, so to see how little regard they had for their own people was honestly infuriating."
In a back office, they found "several boxes" of personal information about the store's employees, from their medical records to photocopies of their driver's licenses and Social Security cards [and also tax forms]. A video included with the article gives the viewer an impression of just how large a collection of files were left behind.
The author wonders if the situation in this particular store was a fluke, or if the other [800] Toys "R" Us locations were left in a similar state.
The article calls it "a very surprising look at what get's left behind when the money runs out and the employees simply give up...."
"We saw the great lengths the company went to protect customer information, so to see how little regard they had for their own people was honestly infuriating."
Paper hacking
Table-ized A.I.
So they call it 'urban exploring'?
From the article you didn't read.
But much to my surprise, a friend of mine recently invited me to join him on a trip to the now defunct toy store. His wife’s company purchased one of the buildings for its ideal location near a main highway, and before the scrappers came through to clean everything out, he thought I might like a chance to see what was left.
Reminds me of when we moved to a new office at our university.
The old office used to be a different department and they left behind a cabinet full of documents.
It was full of files of applicants, those who had applied to the department as faculty and students. Each of these files had all the recommendation letters.
I read through a whole bunch of recommendation letters to see how people write them. Most of them were really weird and would not be happy if the applicant read it.
They were not negative but not quite positive either. Just strange mostly.
I couldn't believe that they had just left confidential documents behind. I tried to get them to retrieve the documents but I got no reply. I was quite furious that I had to deal with their cabinets full of their crap and just left it all outside as trash to be picked up. Who knows who read them and what happened to them afterwards.
Yes the CEO should be in jail for allowing this to happen. Employees records all over the country being exposed from a failed CEO.
Why do they have their employees medical records?
The last person at that location should set fire to the building.
As someone who was arbitrarily put in charge of "shutting down" a company after they closed their doors, I can attest that there are few guidelines, and few specific instructions.
In my case, I was told to make backups of all the "important stuff" and send it to the parent company. I was also told to contact all lease companies and tell them to come get their shit.
Beyond that, I was given no instructions on what to do with paper documents (shred them?), and nobody seemed to give two shits about what happened to any remaining assets.
I left that company with a new desk and chair for my home office, and a small stockpile of equipment that was off-lease. The rest was left for the landlord of the building to deal with.
the employees simply give up
There are no employees handling the shutting down processes, inventory and cleaning when they have all been thrown out from the back door to the alley within 15 to 30 minutes of the shutting down announcement.
Company closes up because bankrupt. Who's going to pay for someone to gather all those files and dispose of them? If there's no money in the bank to pay payroll, you're not going to get newly unemployed people doing it out of the goodness of their heart.
Typically, this kind of thing comes as a surprise in the field. It's not like the store manager calls employees and says "well, folks, we're closing in a few days, I need you to help pack up" - nope - it's "Don't show up tomorrow, we're out of money and we can't pay you"
BK companies leave all kinds of stuff behind, particularly if they're in arrears on rent. The landlord padlocks the doors and tries to sell what's left to recover some value. If they left the IRS in the lurch, then the IRS will be their with their padlocks, too.
At the end they're getting paid shit, treated like shit, and they feel like shit. Management often gets canned ahead of time and replaced with management from liquidation outfits, so there is little to no continuity on backend matters. It's unfortunate that it happened but not surprising.
Hopefully the other stores that are being turned into halloween stores are going to do a better job handling the flotsam.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
You probably should’ve reported it to the university itself. At our university, at least, the bureaucrats take their rules and forms very seriously. They like nothing better than to enforce even trivial rules... the sort of breach of trust you describe would probably result in a public flogging.
#DeleteChrome
When a company goes out, it's not rare for customers/employees data to be later found mismanaged.
Like recently, NCIX, a defunct computer hardware store, had a massive databreach due to them essentially leaving their old database servers on location in a place they couldn't pay the rent at, so they essentially gave everything to the landlord... Who sold it to people who made use of that data to make a profit by selling it to China.
This include Social security numbers, past addresses, names and many other information, basically everything you need to steal someone's identity, of their current and past employees. There's even disk images of employees work and home computers in some cases, including compromising pictures, perfect for blackmailing.
Along with credit card numbers, name, addresses, passwords, email, etc.. of customers.
All of it in plain text within the databases that they carelessly left out when they went out.
All this crap should've been shredded in an industrial shredder, instead they literally just gave it away, opening them to serious legal trouble even if they went bankrupt. It's a clear case of complete negligence and wrongdoing.
The abandoned records were nothing compared to the shocking sight that was found near the back of the stockroom:
The rotting body of an emaciated cartoon giraffe, its neck still chained to a standpipe.
If they are that stupid about the causes they support why would they be better about protecting data ?
In my experience, I've always had to clean out old papers and trash when moving a business or business group into a "new" office. Much of that was just moving a group around within the facilities of a large corporation (one of the Dow 30), but, you'd think that would be better because the folks that moved out weren't losing their jobs.
I've actually encountered the same thing with houses. I've done some flipping, and it is remarkable how many people leave almost everything.
One home I rebuilt had been the home of a family with at least two young children. All of the clothes were still there, toys left where they had last been played with, kitchen fully stocked, dishes in the sink, bills in the drawers, all of the normal bathroom stuff in the bathroom, family pictures on the walls and in photo albums, and on and on. In my imagination, I figured they had been in a wreck or something where everyone died. I checked just to satisfy my curiosity and found that they had decided to move to Europe and just abandoned everything they couldn't take with them on the plane.
Inside they found plenty of hardware left behind
'Cuse me, I think I hear my mom calling me. I'll see y'all tomorrow -- sorry, going to be somewhat busy tonight.
If the universe is someone's simulation -- does that mean the stars are just stuck pixels?
Driver's license and Social Security number are the most commonly used documents for the I-9 form. Basically, the government doesn't want you hiring aliens and visitors without a work visa, but don't have a system in place for an employer to verify if someone is authorized to work in the country (is a citizen or has a work visa). Rather than put together such a system, the government requires employers to collect the I-9 - it becomes the employer's proof that they did their due diligence and collected the info the government required of them to "determine" work eligibility. (In quotes because the documents are commonly forged, and the employer can't root out forgeries because they'll get in trouble if they mistake real docs for a forgery.)
The tax documents are probably the W-4 form. They're used to determine how much of your paycheck is withheld (sent directly to the IRS) for income taxes. If an employee is dishonest or wrong and the incorrect amount is withheld (usually the employee errs on the low side), it gets corrected on April 15. If the employee had too little withheld, they could face fines. So the employer has to keep the W4 on file as proof that the incorrect withholding wasn't their fault, and they did as the employee told them to do. It's a matter that is entirely between the employee and the IRS, but the IRS doesn't want to do it themselves (employee could submit the W4 to the IRS, and the IRS could tell the employer how much to withhold). So they require employers to do it and force them to keep each employee's W4 on file. This one has always baffled me - the IRS verifies it anyway when the employee files their taxes, so it's not like the IRS would have to do any extra work to handle it themselves instead of foisting the job onto employers..
Both are usually shoved in a filing cabinet and forgotten about, since the government requires you to keep them but they're never used for anything again (unless you happen to be raided by INS or ICE)..
Until that university has to shut down, then they won't give a hoot whose records get left behind.
What you're talking about it self-aggrandizing virtue signaling - they aren't doing it because they believe it's right, they're doing it to draw attention to themselves.
Why did they have medical records?
Why does an employer have access to employees medical records? That seems wrong to me.
Look at the NCIX Data breach.. So it's not a US Fluke either..
I had interview notes from about twenty people. Some were hired, some not.When I was moving to another department I removed some of my notes from the records and took the rest home, saved them for a few months then destroyed them. Didn't want people who followed me in the job to share my opinions with other workers, some don't know what to not say or when to just shut the hell up.
Yeah, well I work at a tier one Carnegie institution, and we don’t give a fuck. We’re too busy building sports stadiums and ensuring he have both enough (less qualified) diversity hires as well as enough talentless middle management such that the ratio of manager to employee in some places is 1:2. I call it the PhD ghetto: we need an associate dean of research in biology who knows budget; oh, you have a PhD in history and are a non-white male? Have a job making 120k doing very little. Also, if you’re a minority student let’s admit you with an ACT of 14, and at the one year mark you can fail out with a nice little 20k student loan following you around.
Meanwhile due to performance based budgeting we have a tremendous number of asses in seats at our chemistry department, yet have had our funds cut every fucking year and rely more on poor adjuncts. Did I mention the equipment the undergrads use is twenty-five years out of date?
Seriously, where I work they’d either cover a breach like this up, or just laugh it off in an attempt to minimize it. FERPA is a joke, and remember, you as an individual cannot file FERPA complaint, you can only complain to the Department of Education and hope that they do. Some states do have additional laws saying that you can go after a school for data disclosure personally (augments FERPA, not supersedes so there is no supremacy issue), but those are few.
At our university, at least, the bureaucrats take their rules and forms very seriously. They like nothing better than to enforce even trivial rules...
My experience is that this is half true. My university's bureaucrats are very glad to enforce rules that prevent someone from doing something. They need only say that something is forbidden, and they get positive reinforcement for doing their job, without any actual effort: they'll never follow up to check that the thing has not been done.
They're less assiduous when it comes to enforcing rules that require someone to do something. This would involve asking someone to do the thing, checking if it's been done, doing extra paperwork to say that it still hasn't been done ... all very tiresome. Far easier to turn a blind eye.
If I got a chance to live in Europe, I'd happy run out the door as fast as I could, and leave all of my shit just where it was, too.
I don't respond to AC's.
I strongly recommend Enrique for great hacking experience, he assisted me in hacking my cheating spouse phone and all social media account remotely without touching his phone ... you can also contact him via: .com
Email: collinshackworld @ g m a I l . C o m
Call/Text: +1( 4 0 9) 9 9 9 - 3 4 7 7
Whatsapp: +1(4 0 9 )9 9 9 - 3 4 7 7
Website: w w w. worldinvestigationservice
The car dealership I work for bought a car yard that the former owners had bankrupted. Got inside to look around the day we got keys. All the desks/furniture had been removed by the liquidators, but there were boxes of paperwork laying around that had customer info, bank details and financial info in them. There was also a huge box of unissued license plates.
This space for rent
If they have health information due to insurance data, then the liquidators and the last management to leave could be facing HIPAA charges, which have real teeth.
My company manages properties, and this doesn't surprise me whatsoever. A couple of years ago, a boutique (read: expensive) baby store went under, and apparently didn't give either us or their employees much notice. My wife and I were expecting, so we went to see if we could pick up anything. Not only did we completely furnish our kid's rooms, but the staff left behind pretty much all their computers, and didn't wipe a thing - hard drives completely intact, filing cabinets full. I didn't go through them, but I'd bet there was quite a bit of personal info on there. We destroyed them right away for liability reasons.
IMHO, this just indicates that there is a big need for A NEW (FEDERAL) LAW to make sure proper destruction of all private data whenever any company files for bankruptcy!
It should not be up to any company itself to decide what to do with employee information etc after a bankruptcy!
What are you going to do, enforce laws that make companies protect their employee's data? Sounds very BIG government to me, by Slashdot standards no? I'm sure Toys R Us went broke due to all the RED tape that needs to be cut. Boo, communism. Yay, small government. Yay, racist, psychopathic narcissist fucking russian plants in the white house. This place is fat MAGA neckbeard central.