While attention has been focused on the security risks posed by laptops, smartphones, flashdrives and more sophisticated electronic devices, humble office photocopiers have been quietly accumulating personal data on hard drives most of us didn't know were there. A CBS News investigation reveals the ease with which clever identity thieves can access reams of data for the price of a used copier.
For the report, CBS's team purchased four used copiers for about $300 each from a New Jersey warehouse. With the help of John Juntunen of Digital Copier Security, which markets scrubbing software called "INFOSWEEP," each copier's hard drive was removed in 30 minutes, then scanned using free forensic software downloaded online. Within 12 hours, the hard drives yielded highly sensitive documents including criminal investigations, financial and payroll records, real estate development documents, and 300 pages of individual medical records from Affinity Health Plan, including prescriptions, blood test results and diagnoses.
Modern copiers use digital scanning technology that is stored to hard drives. Most businesses would not sell or dispose of used computers without taking steps to render any remaining data inaccessible (at least we hope so). The same caution should be taken with copiers.
CBS reports that all the major manufacturers offer security or encryption packages on their products. For example, Sharp's product, which automatically erases an image from the hard drive, costs $500. Aftermarket products like INFOSWEEP claim more thorough results. Whatever you decide to do about your copier's stored data, doing nothing is not the solution.