I'll bet that at some time in your life you've used the company copier to copy a personal document. But no one was the wiser, right? Well, think again, according to a CBS report. Some older business copiers, which scan the document to digitize, then print the digital image, also store that image on its hard drive. If the drive isn't scrubbed before the copier is sold/junked, those images could still reside on the drive for thieves to exploit.
And the threat goes beyond your occasional use at the office. What about the copy shop that you use? Does your accountant make copies of your tax documents? Then that copier might have stored images of your documents on its hard drive. How about doctor's offices? School offices? Have your loved ones perhaps copied, on their office copier, intimate photos you've shared with them?
According to John Juntunen, the COO and founder of Digital Copier Security, who spoke with me by phone, the threat is particularly high in copiers made prior to 2007, because manufacturers were not yet building in security measures. Experts from Digital Copier Security did a demonstration with a CBS crew and found tens of thousands of documents in 12 hours by stripping out hard drives from four obsolete copiers, uncovering everything from lists of wanted sex crime offenders to personal medical records.
Thankfully, companies such as Xerox have take huge steps to safeguard this information. I spoke by phone with Bill McKee of Xerox, who told me that with his company's disk override/disk erase system that is used on its copiers, each new document copied overrides the previous one, eliminating the threat.
Even so, Juntunen cautions that valuable information may remain on even newer copiers. Documents that are still in the print queue waiting for the right size of paper might be retrievable. If you've input a contact list for fax blasts, that could be harvested as well.
Even the information such as passwords and addresses that allowed the printer to access a network can be of value to thieves, who could use it to remotely penetrate that network. And Juntunen is underwhelmed at the steps taken by copier vendors to scrub returned machines, pointing out that some machines have as many as five hard drives, and dealers often miss one or more of them when attempting to destroy the drives and any information on them.
I asked Juntunen about personal printers such as my Brother-brand fax/scanner/printer; should I be concerned that it is also storing information? He told me that I needn't be concerned about printers that make fewer than 20 copies per minute.
I then wondered about copy shops such as Kinko's. Kellie Bell of FedEx, owners of Kinko's, reassured me by phone that the company uses security-equipped Sharp and Xerox machines and has procedures in place to guard against any data leaks. She is "not aware of any instance where information has been retrieved from one of our copiers."
Nonetheless, the biggest risk with newer copies, it seems, is that no matter how much security is built into them, careless people can still manage to muck up the system. For example, CBS found sensitive documents, the original paper ones, still on the glass screen of one used copier for sale.
What can you do to minimize the risk? Juntunen recommends asking questions of your copy shop, doctor's office staff, your accountant, and others that have copiers in use. Make sure that they are aware of the risk and know what they need to do to guard against giving away your personal data.
Older digital copiers can pose identity theft risks