CBS news recently reported that copy machines manufactured since 2002 have hard drives. As usual, CBS went out of their way to sensationalize the story. If you have not seen the video, here is the link to the original story:
Digital Photocopiers Loaded With Secrets
If you just take that story at face value and don’t question it at all, you would be terrified into thinking that your own insurance company, the social security administration and maybe the police department all have allowed copy machines containing piles of your personal data to be returned to be resold at the end of a lease period. This is not entirely true and has been blown out of proportion by the media hype machine as usual.
Many companies have policies that allow them to retain(for destruction) the hard drives in their copiers at the end of a lease period. Others will wipe the drives before returning them to the leasing companies. I would urge any company who does not have such a policy in place to enact one immediately.
Next, the video leads viewers to believe that there is an option to add security to these copy machines but it costs $500 extra and nobody does it. That option the video is referring to is a scrambler board specifically for Toshiba copiers; others may have such an option too. I suppose that is a nice option but most(all?) copiers have settings available (in minimal configurations even) to ensure that documents aren’t stored on the hard drive after they are printed off or at least are deleted after a certain amount of time passes. Yes, forensics can recover deleted files but this is one more hurdle for an identity thief to jump over and I would wager that most of them don’t have the skills for such a task.
Lastly, the video alleges that these 4 copy machines were picked “randomly” by page count, age, etc. BULL!! I don’t buy that for a minute. I would love to have been there in person to watch them cherry pick the four machines they dragged back to their office. “Look, insurance company asset tag, we’ll take it!”
All in all this story seems like a bunch of FUD. These used copy machine warehouses being a candy store for identity thieves makes a nice news story but don’t forget that A) It takes a bit of effort and money to drag home a bunch of copiers at random to mine for data. B) Much of the world’s population of identity thieves are overseas and mining data on copiers isn’t really practical for them anyways. C) Identity thieves usually go for the lower hanging fruit. It’s way cheaper and easier to dumpster dive or steal your mail to gain the information they need.
That being said, you can’t count on anyone else to sanitize your used devices. That includes old cell phones, ipods, laptops or anything else that might have personal data on them. Always check those items before they leave your possession.
