Printer Peril! The Identity Theft Danger Hiding Inside Office Equipment

Printer Peril! The Identity Theft Danger Hiding Inside Office Equipment

These days, every office, library or copy center has a multifunction peripheral (MFP)—a digital copier/printer combo that you can use to print, copy, scan, fax and email documents.

Perhaps you’ve used your office MFP to print a credit application or make copies of your employment or insurance documents. Or maybe you’ve used a local copy center to fax financial documents related to a home sale, or used a digital copier to make copies of your driver’s license and passport for identification verification.

In each of these cases, you may be leaving behind a trail of personal information that thieves can access, enabling them to steal your identity or violate your privacy.

Why Printers Are Dangerous to Your Identity

Since 2002, most digital MFPs have a hard drive, just like a computer. Every document you print, fax, scan or email might be stored on the hard drive, just waiting for someone to access it.

In one investigation conducted by CBS News, used printers purchased at a warehouse contained a wide variety of extremely compromising documents, including detailed domestic violence complaints; pay stubs including names, Social Security numbers and cancelled checks; and personal medical records.

In 2010, Affinity Health Plan had to pay a $1.2 million penalty after it exposed more than 30,000 personal medical records by failing to erase them from copier hard drives before returning them to the leasing company.

Because printers and copiers now offer wireless connectivity, they are also vulnerable to hacking, just like any other network. To demonstrate this insecurity, in 2014 a researcher at Context Information Security hacked into a printer to install and play the video game Doom.

How to Protect Your Data When Using MFPs

Some MFP manufacturers include security measures to protect sensitive data, including:

• Encrypting data that is stored in memory or on the hard drive
• Clearing data after each use
• Overwriting deleted data so it can’t be recovered

However, not all manufacturers use the same measures, and some offer security features as an expensive add-on package, so even if it’s available, it may not be in use.

Because you probably won’t know exactly what the manufacturer of the MFP you’re using offers in the way of security (or even who the manufacturer is), take the following precautions to keep your data safe:

• Without the proper security, your personal data could be visible to others that have access to the same MFP, so be careful when storing information such as names, email addresses and fax numbers, and be sure you clear any documents or data from the equipment once you’re done.
• If you lease an MFP, before returning the equipment make sure the hard drive is erased or physically destroyed by a professional company like PROSHRED Connecticut. Many old printers are sold, and any saved data will be accessible to whoever ends up in possession of the device.
• Limit the use of copy centers or other open-to-the-public equipment for sensitive information, and be aware of privacy policies and safeguards for using equipment and disposing of hard drives.
• Consider using your home printer for private documents. Because home printers do not have hard drives, they are less likely to endanger your data.
• If you use your office MFP, ensure the proper security controls are in place, and that those controls are set and monitored by the IT department.