Where Did That Come From?
Many victims of identity theft have no idea how their information was stolen. Unfortunately, business processes may be leading to the disclosure of customer or employee personal information. It seems obvious that hard drives that are in desktop and laptop computers need to be sanitized before being surplussed but a recent article identifies copy machines as having similar issues with the storage of personal information. Who’d have thought!?!?
56 percent of people victims of ID theft have no idea how perpetrators got their ID,” said Sean O’Leary of Digital Copier Security, “And we can assume a portion or large part is a result of data breeches from photocopiers.”
That’s right – photocopiers.
O’Leary says he believes most companies don’t realize their copy machines have hard drives.
“We just take it for granted this little photocopier sitting in the corner of an office is safe and innocuous,” said O’Leary, “But in reality, with that hard drive it’s storing personal information.”
Today’s copy machines do a whole lot more than copy. They print. They scan. They email. They fax.
The machine has to have a way to remember all that information.
Between 1998 and 2002, companies began equipping copy machines with hard drives.
“Press Copy to have your Identity Stolen.” Melissa Yeager, WINK News, Nov 12, 2009
Considering the type of information that is “copied”, it seems that copier hard drives may be an ideal source for the malicious person looking to steal sensitive data. While it may seem simple to use a program like DBAN to wipe the hard drive of a desktop or laptop, removing data from a leased copy machine may create a challenge for most organizations. Leasing companies should be warning companies about the hard drives and providing either a manner in which to sanitize the hard drive by the customer OR certifying the destruction of personal information when the copier is exchanged as part of a lease.
Sometimes the information security challenges come from unusual places. With technology advances, we need to be mindful of where information flows throughout ALL of the organization, even in what most would consider to be rather innocuous places.
