Did you know?

Did you know that the hard drive on your copier may contain a copy of every print or scan job ever sent to it? Beginning in 2002, nearly every copier used in business contains one, or more, hard drives that are capable of storing all kinds of data. Most digital copiers in service today store an image of every copy, scan and print job. Although it may be stored in a proprietary language or encrypted, once a hacker breaks this code, it is possible to gain access to your data.


The Threat is Real!
It's easy to dismiss the threat of identity theft posed by today's digital copiers. After all, if the threat were real, wouldn't it be splashed all over the headlines? If access to sensitive personal data was really that easy, wouldn't we have been warned about it just like we are about other vulnerable access points like computers, phishing and even the U.S. mail? You would think so, wouldn't you?

In a report on identity theft, commissioned by the Federal Trade Commission, over half (56%) of all identity theft victims reported that they did not know how their personal information was stolen. The other 44% was divided among eight categories without so much as a mention of digital copiers. We believe that the copier threat is hidden in the 56% of victims who "don't know how info was taken". We also know that this threat is just emerging and that, unless something is done, copiers could well become a major source of illegally obtained non-public information.

DCSI performs regular testing and our hypothesis has been confirmed over and over again. We randomly select machines from a copier wholesaler and then use proprietary forensic techniques to uncover the data written to their hard drives. In our testing, we have uncovered:

- Complete consumer home loan documentation packages

- Individual investment transmittals

- Copies of checks, driver's licenses and employment applications

- Business plans, feasibility studies and other sensitive corporate data

- Student pictures and information

- Internal reports, statistics, memos and emails

All of this from machines selected completely at random! Imagine what we would find if we targeted specific industries such as banking or medical services. This threat is very real!

Thousands of these machines leave businesses every month with the internal data intact. Some are resold domestically and many are placed into cargo containers and shipped overseas. There is no control over the resale of these machines. They are sold on the open market to anyone with the cash to buy them.

You must take the steps necessary to protect your company and your customers by making certain that all of the data contained in these machines is completely and permanently cleared before they leave your control.

Some machines require no hacking at all! Just the press of a button and jobs can be reprinted on demand. Many copiers allow users to reprint any job on the printed job list. Copiers that have a print-and-hold feature store the documents until someone erases them. We can tell you from firsthand experience that, even after erasing, most of the information isn't cleared.

DCSI has received machines with customer's full home loan documentation still stored on the hard drive. We have seen investment documents, copies of customer checks and other forms of information containing names, addresses, social security numbers, bank account information and other sensitive personal data, everything a criminal needs to steal your identity.
Many copiers also contain Information Technology (IT) information, making most IT managers cringe when they find out that their office copier has left the premises with a list of all of the user's email addresses as well as outgoing fax numbers and contact names. Many of these copiers also contain the IP address of the company's primary and secondary email server and, in many cases, a secure logon password.

Still not convinced? Other security risks abound! Most digital copiers have no firewalls or filtering. In an article from a major university, the IT department uncovered unauthorized use of a network printer/copiers: the students were using the copier hard drive as an exchange server for MP3 music files.

Protect your customers and your company.

Where does the data go?
Thousands of used copiers leave U.S. businesses every month. At lease maturity, at the end of their useful life, or anytime a company wants to upgrade features or update to the latest technology, new copiers are installed and old ones are removed. But where do they go? And what happens to the sensitive data that resides on their hard drives?

The first question is fairly simple to answer. Used machines are typically shipped directly to wholesalers who specialize in their resale. At various places throughout the country, huge warehouses stand full of used copiers. These wholesalers offer the better machines for sale or bid to retail copier dealers who purchase and resell them to their clients. While there is no reliable data available to establish an exact percentage, the majority of used copiers do not make it back into the domestic market for resale. In order to make room for the constant flow of returned machines, wholesalers pack them into cargo containers and ship them to overseas buyers.

Whether sold to foreign or domestic buyers, these copiers leave the wholesaler with their original hard drives, and other storage devices, full of their previous user's information. If you've ever shipped a copier from your premises, you have potentially sent thousands of pages of sensitive customer data and company information into the unknown!

Source: