Your Money
;
Scam Alert
A public copier is handy, but it may put your secrets at risk
A Thief in the Photocopier
By Sid Kirchheimer
S
everal months ago, more than 400,000 New Yorkers received a data breach notification from
health care provider Affinity Health
Plan. But the warning wasn’t due to the
usual culprits, hackers who break into
corporate computer systems. Rather, it
was prompted by a single o;ce copy-
ing machine.
You might not think a photocopier
could cause such harm. But consider
this: Starting in 2002, most copiers
manufactured for use by businesses,
libraries and copy centers have been
equipped with computer hard drives.
“Every time you make a copy, print,
scan, e-mail or send a fax from that
machine, it makes and stores images of
the document to the hard drive,” says
copier security expert John Juntunen. Unless the
hard drive is erased or replaced, images of copied
documents—including those with Social Security
numbers, bank account information or medical
files—remain stored inside the machine.
“The problem is, about 90 percent of office
copy machines in the U.S. are leased,” he adds,
“and when those leases are over, most of those
returned machines are exported or resold with-
out anyone touching them.”
For now, there is no evidence that identity
thieves have used information left over in copi-
ers, says Juntunen, whose company, Digital
Copier Security, provides technology that de-
letes data from copier hard drives.
But the potential is clearly there. Earlier this
year, CBS News accom-
panied Juntunen to a
New Jersey warehouse
and bought four copiers
that had been leased and
returned. One of the ma-
chines, formerly used at
an A;nity Health Plan
office, yielded medical
records of nine indi-
viduals. Based on that
machine and A;nity’s use of many more hard
drive-equipped copiers, the company sent out
its mass notice of a potential data breach. The
machines also contained police records and pay
stubs with Social Security numbers.
One
leased copy
machine
yielded
the medical
records
of nine
people.
In May, Rep. Edward Markey, D-Mass.,
called for an investigation. And the Fed-
eral Trade Commission announced that
it was “reaching out to copier manufac-
turers, resellers, and retail copy and of-
fice supply stores to ensure that they are
aware of the privacy risks.”
Most manufacturers had already
acted. Copiers made since 2007 have
been equipped with built-in technology
that allows the erasing or encrypting of
hard drives. “The real problem is with
machines made from 2003 to 2007,”
says Juntunen. Huge numbers of them
remain in use across the country—pos-
sibly at your library or doctor’s o;ce.
So how can you protect yourself?
; When you copy sensitive docu-
ments, try to use a home printer that
has a copy function. That machine is unlikely to
help identity thieves: Most home printers that
generate 20 or fewer pages per minute have no
hard drives.
; If you must use a public copier, ask the people
who oversee it how they protect users’ informa-
tion. Such inquiries will raise awareness of the is-
sue and in the long term encourage the erasing of
the machines’ drives. “No one wants to be respon-
sible for resulting problems,” says Juntunen.
; Ask whether the machine is owned or leased.
Owned copiers are less likely to be resold and
reach scammers. ;
Sid Kirchheimer
is the author of
Scam-Proof
Your Life
, published by AARP Books/Sterling.
ASK SID
;
How can I tell if a ‘skimmer’ has been put on my ATM?
t can be hard. These devices that
thieves attach to the card slot
in order to capture account in-
formation from your card’s mag-
netic strip have become more sophis-
ticated. One tipoff: Most ATMs have a
flashing light at the card slot. If the light
is obscured, that’s a sign of tampering.
Other giveaways: a card slot that is not
securely attached or has a different col-
or than the rest of the ATM. Use ATMs
in bank lobbies and other places with
24-hour video surveillance. And always
cover the keypad as you enter your PIN,
because a thief’s spy camera may be
watching. Send queries to Ask Sid, 601 E
St. NW, Washington, DC 20049 or send
them by e-mail to asksid@aarp.org.
1A
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
DD1
DD2
DD3
DD4
23
24
25
26
27
28
29
30
31
32
33
34
35
36MA
37
38
39
40
41
42
43
44
Zoom level
fit page
fit width
A
A
fullscreen
one page
two pages
share
clip
SlideShow
fullscreen
Open Article
article text for page
< previous story
|
next story >
add comment
|
read comments
Share this page with a friend
Save to “My Stuff”
Subscribe to this magazine
Search
Help
