Printers

Police, medical records found on used copy machines

CBS News finds used copy machines loaded with sensitive data--police records, pay stubs, copied checks, and private medical documents.

Back in 2007, I wrote about the significant security risks posed by modern office copiers. Almost every copier made since 2002 contains a hard drive, which stores a copy of every document the machine scans, prints, copies, or faxes. And if you need proof of just how dangerous this stored information can be, check out the following video from CBS News.

Watch CBS News Videos Online

CBS News chief investigative correspondent Armen Keteyian talked about the threat with John Juntunen, who's company Digital Copier Security developed software designed to scrub data from copier hard drives. Juntunen and CBS News purchased four used copies from a New Jersey warehouse. Using data recovery software available for free on the internet, they were able to recover thousands of documents from the machines.

One of the machines had been used by the Buffalo, N.Y., Police Sex Crimes Division. The hard drive from it yielded "detailed domestic violence complaints and a list of wanted sex offenders." A second machine from the Buffalo Police Narcotics Unit, contained "targets in a major drug raid. " On the third machine, once used by a New York construction company, CBS News and Juntunen found "design plans for a building near Ground Zero in Manhattan; 95 pages of pay stubs with names, addresses and social security numbers; and $40,000 in copied checks."

But despite the sensitivity of the information discovered on the first three machines, it was the information on the fourth machine that they found what Keteyian called the "most disturbing documents." The machine, once used by Affinity Health Plan, a New York insurance company, contained "300 pages of individual medical records."  These records included "everything from drug prescriptions, to blood test results, to a cancer diagnosis."

There are ways to wipe data from copy machine hard drives. But as this report shows, many organizations aren't making the effort, aren't aware of the risk, or aren't verifying that the data has been erased before decommissioning old copiers.

Check out the following links for more on this report from CBS News and a follow-up from the City of Buffalo, New York.

About

Bill Detwiler is Managing Editor of TechRepublic and Tech Pro Research and the host of Cracking Open, CNET and TechRepublic's popular online show. Prior to joining TechRepublic in 2000, Bill was an IT manager, database administrator, and desktop supp...

Editor's Picks