Photocopiers are the newest threat to identity theft, a copier maker said today, because newer models equipped with hard drives record what's been duplicated. At tax time, when people photocopy tax returns, confidential information may be easily available to criminals.
"Consumers and business owners will photocopy highly confidential tax forms containing Social Security numbers, Employer Identification Numbers and other sensitive information in places outside the home, leaving them vulnerable to digital theft," Ed McLaughlin, president of Sharp Document Solutions of America, said.
At issue are the hard drives embedded in most copiers and intelligent printers manufactured in the last five years. Data is stored on the drive before a document is copied or printed; unless security provisions are in place, the data is stored unencrypted and remains there until the drive is full and new data overwrites old.
Sharp, a major copier maker, commissioned a survey in the US that found 55% of respondents planned to photocopy or print out copies of their tax returns and supporting documents this year. And almost half of that number will do so outside the home, using copiers and intelligent printers at their offices or public machines at libraries and copy centers.
"Everyone forgets that there's data in there," said Avivah Litan, an analyst with Gartner, "Copiers and other intelligent devices like multifunction printers are very exposed in the enterprise. They're open to attack via modems and people forget about changing the default passwords."
Sharp's survey also indicated that 54% of those polled did not know that digital photocopiers store an image of what is duplicated, and that a majority believed running off returns on copiers or printers is a safe practice. When told of the security threat posed by unsecured hardware, however, two-thirds of the people surveyed said they were less likely to copy their financial information on a public digital photocopier.
"I've not heard of any cases of ID theft [from photocopiers]," said Litan. "But there is certainly ID theft in public places like Internet cafes and from kiosks, so I don't see why it couldn't happen at someplace like a Kinko's."
Sharp was one of the first photocopier makers to offer a security kit that encrypts data on the hard drive and "shreds" each copied document by overwriting the image after it's printed. Rival Xerox introduced similar features on its machines last year.
"We've told enterprises that they should change the password from the default on copiers and [multi-function printers]," said Litan. "They should disable all services that they don't need, and make sure that the data modem is separate from the fax modem."