Are Copy Machines a Security Risk?

Posted by



Watch CBS News Videos Online

Almost all copiers made since 2002 have a hard drive buried inside the machine. Just like the ones in your computer, those hard drives store data and information. They store images of every document that is scanned, copied or emailed. This turns your office necessity into a time bomb. If someone is in the Identity Theft business, a standard used copier could be a pot of gold.

“The type of information we see on these machines with the social security numbers, birth certificates, bank records, income tax forms,” John Juntunen said, “that information would be very valuable.” Juntunen’s Sacramento-based company Digital Copier Security developed software called “INFOSWEEP” that can scrub all the data on hard drives. He’s been trying to warn people about the potential risk – with no luck.

For the purpose of this investigation, CBS news correspondent Armen Keteyian and Juntunen bought several used copier. At the time of purchase, they had no idea who had owned the machines previously. Once they pulled the hard drives out, they found thousands of pieces of sensitive information. One of the copiers had documents still on the copier glass, from the Buffalo, N.Y., Police Sex Crimes Division.

The results were stunning: from the sex crimes unit there were detailed domestic violence complaints and a list of wanted sex offenders. On a second machine from the Buffalo Police Narcotics Unit we found a list of targets in a major drug raid.

The third machine, from a New York construction company, spit out design plans for a building near Ground Zero in Manhattan; 95 pages of pay stubs with names, addresses and social security numbers; and $40,000 in copied checks.

But it wasn’t until hitting “print” on the fourth machine – from Affinity Health Plan, a New York insurance company, that we obtained the most disturbing documents: 300 pages of individual medical records. They included everything from drug prescriptions, to blood test results, to a cancer diagnosis. A potentially serious breach of federal privacy law.

It seems as though no one realizes how huge of a potential threat to security this is. A large majority of people who have used copy machines never knew that there IS a hard drive in them which keeps a copy of everything they’re doing. It’s almost as though this is being swept under the proverbial rug. Why isn’t anyone making more noise about this? Why aren’t there headlines everywhere shouting to people to warn them of this situation? There should be warning labels on every one of these machines, and pages in the instruction booklets telling consumers how they can permanently remove the data in the event the machine is sold or given back at the end of a leased period.

How many times have you used a device like this in a work environment to scan, fax or copy things of a sensitive nature? How often have you used a “public” machine (for instance, in a bank) to fax important personal information to a company… such as your insurance company? Do you have any idea where your data is now? I have a feeling that you don’t. And that, my friends, worries me.