Skip to main content

Buffalo, NY: Most Americans are aware of online security and load their computer systems with anti-virus/anti-spyware. But most aren't aware that digital copier hard drives are loaded with information and are a veritable gold mine for identity thieves.
Identity Thieves Can Hit the Jackpot with Digital Copiers
Gone are the days when photocopiers used mechanical devices to reproduce a document. Nearly every copier built since 2002 contains a hard drive that stores every image you scan, copy, and email. Many individuals and corporations lease copiers; identity thieves don't even have to do a break and entry. They can lift valuable information about you from an internet café while the seat is still warm. Or they can simply buy used copiers for just a few hundred bucks each, CBS News reports.

A few months ago a CBS crew and John Juntunen of Digital Software Security bought some used copiers from a warehouse in New Jersey. What they lifted from some of the hard drives is scary, to say the least, as well as an embarrassment for the Buffalo, New York Police Sex Crimes Division, the Buffalo Police Narcotics Unit, a New York construction company, and Affinity Health Plan. The latter is potentially a federal breach of privacy law: CBS found 300 pages of individual medical records, including drug prescriptions, blood test results, and even a cancer diagnosis.

CBS also found domestic violence complaints, a list of wanted sex offenders, and a list of targets in a major drug raid.

Representative Ed "Biz" Markey, a congressman from Massachusetts, asked the Federal Trade Commission (FTC) to investigate the potential danger of digital copiers. He wrote the following letter to the FTC:

Thousands of Americans make copies of sensitive information every day, completely unaware that the data is stored on a copy machine hard drive and then often never cleared when the machine is resold or disposed of. Just as you wouldn’t leave a paper copy of your bank statement sitting on top of the office copy machine, a digital copy should not remain inside of it.

I urge the FTC to immediately investigate this matter and encourage the Commission to pursue measures to provide consumers with additional information about the privacy risks associated with the use of digital copiers for copying sensitive information and the steps consumers can take to reduce these risks. Companies and government agencies also should be responsible stewards of personal information, ensuring that any personal information is wiped clean before the copier moves on to the next user.

Thinking about the information you have copied could make your head spin: tax returns including your social insurance number, employer identification numbers, confidential information for your attorney's eyes only…

The CBS story also pointed out that document-laden copiers were being shipped from New Jersey to Argentina and Singapore. Identity thieves could really hit the jackpot prowling the capitol—likely a number of used digital copiers contain very sensitive and top-secret information.

Original Post

Replies sorted oldest to newest

Interesting, but still overstating the value.

As an identity thief (hypothetically), I'd be an idiot to spend a "few hundred bucks" on a copier hard drive on the off chance that someone may have once copied something with their credit card info on it.

Even if you did once copy that, the chances I'll be able to recover that data (both the Ricoh and Canon copiers delete immediately after use and those areas are marked as reusable) after thousands of other documents may have overwritten it is laughable.

Totally guessing, I'd say 20% of copiers might have something of interest to an identity thief.

Now think, That means I'd have to buy 5 copiers for "a few hundred bucks" just to get one document.

I'm pretty sure that if I dug around, I could find info a LOT cheaper than that. A quick web search shows that the going price for a "guaranteed" valid credit card number with at least $4,000 limit is $140.

That's a whole lot better than having to search through 1,000s of recovered documents trying to find a CC number that might have been deactivated years ago.

Only a couple of ways I see this being an issue at all. If you are a Government entity dealing with secure data (like cold fusion), or if you will pay a penalty for releasing data (SOX, PCI, HIPPA) even though the data is no big deal. In those cases, when you are done with the copier, remove the hard drive and destroy it. Tada, issue solved.

Otherwise, the only people this is an issue for is the guys who are trying to sell you something to "fix" this problem. In case you missed it, the guy in the CBS report is one of those guys selling solutions to this massive problem.
I am convinced that the CBS story was a hoax or that CBS was had by their so called expert who was really peddeling a product. We have spent numerous hours trying to re-create the scenerio in the CBS story and have been totally unsuccessful. I don't believe anybody short of the manufacturer or the FBI is capable of retrieving any of the data in a meaningful way.

I am convinced that the few documents they showed in the news clip were actually document server documents stored intentionally or accidentally by the previous owner of the copier.

The story however is intended to give the impression that virtually anything copied, printed or scanned is on the hard drive waiting for a simpleton to easily retrieve. That is just false!

Add Reply

Post
×
×
×
×
Link copied to your clipboard.
×
×