by Sid Kirchheimer, From the AARP Bulletin Print Edition, November 1, 2010
Several months ago, more than 400,000 New Yorkers received a data breach notification from health care provider Affinity Health Plan. But the warning wasn't due to the usual culprits, hackers who break into corporate computer systems. Rather, it was prompted by a single office copying machine.
You might not think a photocopier could cause such harm. But consider this: Starting in 2002, most copiers manufactured for use by businesses, libraries and copy centers have been equipped with computer hard drives.
"Every time you make a copy, print, scan, e-mail or send a fax from that machine, it makes and stores images of the document to the hard drive," says copier security expert John Juntunen. Unless the hard drive is erased or replaced, images of copied documents — including those with Social Security numbers, bank account information or medical files — remain stored inside the machine.
"The problem is, about 90 percent of office copy machines in the U.S. are leased," he adds, "and when those leases are over, most of those returned machines are exported or resold without anyone touching them."
For now, there is no evidence that identity thieves have used information left over in copiers, says Juntunen, whose company, Digital Copier Security, provides technology that deletes data from copier hard drives.
But the potential is clearly there. Earlier this year, CBS News accompanied Juntunen to a New Jersey warehouse and bought four copiers that had been leased and returned. One of the machines, formerly used at an Affinity Health Plan office, yielded medical records of nine individuals. Based on that machine and Affinity's use of many more hard-drive-equipped copiers, the company sent out its mass notice of a potential data breach. The machines also contained police records and pay stubs with Social Security numbers.
In May, Rep. Edward Markey, D-Mass., called for an investigation. And the Federal Trade Commission announced that it was "reaching out to copier manufacturers, resellers, and retail copy and office supply stores to ensure that they are aware of the privacy risks."
Most manufacturers had already acted. Copiers made since 2007 have been equipped with built-in technology that allows the erasing or encrypting of hard drives. "The real problem is with machines made from 2003 to 2007," says Juntunen. Huge numbers of them remain in use across the country — possibly at your library or doctor's office.
So how can you protect yourself?
Sid Kirchheimer is the author of Scam-Proof Your Life, published by AARP Books/Sterling.
Please leave your comment below.
You must be logged in to leave a comment.
Members save 20% on purchases or $20 when they spend $79.99 or more.
Exclusive program for members from The Hartford.
Get tips and resources to protect yourself from fraud and see the latest scam alerts in your state.
AARP members receive exclusive member benefits & affect social change.
You are leaving AARP.org and going to the website of our trusted provider. The provider’s terms, conditions and policies apply. Please return to AARP.org to learn more about other benefits.
Your email address is now confirmed.
Manage your email preferences and tell us which topics interest you so that we can prioritize the information you receive.
Explore all that AARP has to offer.
In the next 24 hours, you will receive an email to confirm your subscription to receive emails
related to AARP volunteering. Once you confirm that subscription, you will regularly
receive communications related to AARP volunteering. In the meantime, please feel free
to search for ways to make a difference in your community at