Written on Thursday, March 15, 2007 by Gemini
San Jose, California
Consumers are bombarded with warnings about identity theft. Publicised threats range from e-mail thieves and lost laptops to the higher-tech methods of e-mail scams and corporate data invasions. Now, experts are warning that photocopiers could be a culprit as well. That’s because most digital copiers manufactured in the past five years have disk drives – the same kind of data-storage mechanism found in computers – to reproduce documents.
As a result, the seemingly innocuous machines that are commonly used to spit out copies of tax returns, passports and other such sensitive information can retain the data being scanned. If the data on the copier’s disk aren’t protected with encryption or an overwrite mechanism, and if someone with malicious motives gets access to the machine, industry experts say, information from original documents could get into the wrong hands.
Some copier makers are now adding security features, but many of the digital machines already found in public venues or business offices are likely still open targets, said Ed McLaughlin, president of Sharp Document Solutions Company of America. Although industry and security experts were unable to point to any known incidents of identity thieves using copiers to steal information, they said the threat was very real.
Daniel Katz-Braunschweig, a chief consultant at DataIXL, a US-based consulting firm, includes digital copiers among his list of data holes corporations should try to protect. He said a few of his clients learnt about the vulnerability after their copiers were resold and the new owners – in good faith – notified them of the data residing on the disks. Sharp was among the first to begin offering, a few years ago, a security kit for its machines to encrypt and overwrite the images being scanned, so that data aren’t stored on the hard disks indefinitely.
Xerox said in October it would start making a similar security feature standard across all of its digital copiers. Randy Cusick, a technical marketing manager at Xerox, said many entities dealing with sensitive information, such as government agencies, financial institutions, and defence contractors, already have mechanisms to make sure copier disks themselves or the data stored on them are secured or not unwittingly passed along in a machine resale.
Smaller businesses and everyday consumers are less likely to know about the risk, but should, he said. Sharp recommends that consumers take precautions, such as asking the copy shops they are using about whether their copier machines have data security installed.