Most consumers do not realize that all the papers they feed into digital copier machines built since 2002 maintain another copy on their hard drives. This could be quite a jackpot for identity thieves. It includes all documents copied, scanned, or emailed by the machine.
Especially useful to thieves would be items with social security numbers, birth certificates, bank records, income tax forms and credit card numbers. Papparazzi would find a treasure trove of more confidential personal data about the people they stalk and on which they make fortunes.
In 2010, CBS researched what they could find on copiers they purchased which were sitting in warehouse and reported the results. Watch the video about it on their website. Within 30 minutes, the hard drives were removed from the copiers and a forensic software program free on the Internet was used to scan them. In less than 12 hours, tens of thousands of documents were downloaded.
Examples of the information retrieved were 95 pages of pay stubs with social security addresses, $40,000 in copied checks, and plans for a building constructed in Manhattan near Ground Zero in Manhattan. One example that broke the federal privacy law was the 300 pages of individual medical records from a New York insurance company.
Copier manufacturer Sharp commissioned a survey which found that of the 55 percent of Americans who planned to photocopy/print out tax returns and supporting documents, about half were doing it at their offices or library and copy center public machines. Of the people polled, 54 percent had no idea that digital photocopiers stored an image of they were copying. Prior to that knowledge they had felt safe copying on public machines.
Sharp and Xerox now offer security kits which encrypt hard drive data and overwrite images after they are copied. Companies have been warned to take proactive steps like changing default passwords on the machines, disabling all unnecessary service, and keep data modems separate from fax modems. This applies to multi-function peripherals (MFPs) as well. There are also simple fixes like codes than can be keyed in, then the machine is rebooted and the hard drive is erased. Check with the manufacturer.
Other things to consider include who has physical access to the machines. Sensitive information needs protection and there are data security kits available. Check the National Vulnerability Database for issues with specific brands of MFPs. Be sure the password in web-based configurations is not the default to protect address books. Do not use a public MPF or copy services when a document contains sensitive information since it is impossible to know whether a copy is being saved by them.
Do recycle machines for the sake of the environment, but when disposing of ones with hard drives, be sure that the hard drives are removed, destroyed, kept on-site, or have the MFP distributor use an approved process to clear the drive.