Are Copy Machines a Security Risk?

Watch CBS News Videos Online

Almost all copiers made since 2002 have a hard drive buried inside the machine. Just like the ones in your computer, those hard drives store data and information. They store images of every document that is scanned, copied or emailed. This turns your office necessity into a time bomb. If someone is in the Identity Theft business, a standard used copier could be a pot of gold.

“The type of information we see on these machines with the social security numbers, birth certificates, bank records, income tax forms,” John Juntunen said, “that information would be very valuable.” Juntunen’s Sacramento-based company Digital Copier Security developed software called “INFOSWEEP” that can scrub all the data on hard drives. He’s been trying to warn people about the potential risk – with no luck.

For the purpose of this investigation, CBS news correspondent Armen Keteyian and Juntunen bought several used copier. At the time of purchase, they had no idea who had owned the machines previously. Once they pulled the hard drives out, they found thousands of pieces of sensitive information. One of the copiers had documents still on the copier glass, from the Buffalo, N.Y., Police Sex Crimes Division.

The results were stunning: from the sex crimes unit there were detailed domestic violence complaints and a list of wanted sex offenders. On a second machine from the Buffalo Police Narcotics Unit we found a list of targets in a major drug raid.

The third machine, from a New York construction company, spit out design plans for a building near Ground Zero in Manhattan; 95 pages of pay stubs with names, addresses and social security numbers; and $40,000 in copied checks.

But it wasn’t until hitting “print” on the fourth machine – from Affinity Health Plan, a New York insurance company, that we obtained the most disturbing documents: 300 pages of individual medical records. They included everything from drug prescriptions, to blood test results, to a cancer diagnosis. A potentially serious breach of federal privacy law.

It seems as though no one realizes how huge of a potential threat to security this is. A large majority of people who have used copy machines never knew that there IS a hard drive in them which keeps a copy of everything they’re doing. It’s almost as though this is being swept under the proverbial rug. Why isn’t anyone making more noise about this? Why aren’t there headlines everywhere shouting to people to warn them of this situation? There should be warning labels on every one of these machines, and pages in the instruction booklets telling consumers how they can permanently remove the data in the event the machine is sold or given back at the end of a leased period.

How many times have you used a device like this in a work environment to scan, fax or copy things of a sensitive nature? How often have you used a “public” machine (for instance, in a bank) to fax important personal information to a company… such as your insurance company? Do you have any idea where your data is now? I have a feeling that you don’t. And that, my friends, worries me.

5 thoughts on “Are Copy Machines a Security Risk?”

  1. What’s the point of copiers even saving their documents for long periods of time, anyway? If I ever need to make more copies of something I copied six months ago, I’d sooner run another job from the original hard-copy than to search the machine’s hard drive for the last run of that document. Given that many people don’t even know that copiers have a hard drive, they would obviously do the same!

  2. Hi, Chris. An interesting article. I work for a copier company here in Sacramento, CA. When we retire a copier, the hard drive from the machine (they don’t ALL have hard drives, but most do) is physically destroyed by shredding. If the client asks about the data on the hard drive, we offer it to them to protect as they wish; most let us shred them.

    I asked our service manager about erasing the drives. He says that it would cost more (in labor) to erase the drive than it costs to replace it with a new one and shred the used one!

  3. dear cbs ,, nice ADVERTIZEMENT for
    Digital Copier Security ‘s “INFOSWEEP”

    if we thought cbs was a reliable source
    this screems that cbs is not!

    “turns your office necessity into a time bomb” ?
    it is this type of hype story that makes tech’s cry,
    now I have to undo what CBS did ! GFD!

    oh and to Ken Mitchell ,
    “it would cost more (in labor) to erase the drive than it costs to replace it with a new one and shred the used one!”
    no that is wrong!

  4. 1). It seems quite clear that not many people, if any, including myself, knew that commercial copiers had hard drives that retain all information or what happens to it on expiry of machine.

    That said,

    2). In UK we have to take ID to work agencies as laid down by law! putting our original information into their hands temporarily to validate/copy it. This act alone can put a whole set of ID in one place, it can be futher copied to digitise it without your knowledge! onto another computer system’s hardrive.

    The ID security risk problems seem far reaching…?

    What about the copier service engineers, they have access to the hard drives and may have to replace a faulty one, where does the the original end up? Are there protocols for the copier leasers & servicers to remove/erase such data?

    More questions than answers for me!

Leave a Reply

Your email address will not be published. Required fields are marked *