Don’t copy your tax return at just any copier
Newer copiers can retain scanned data–like those tax returns you ran through in hopes of an early payment–and an enterprising identity thief can get access to all that personal and financial information. The article at Fox Twin Cities doesn’t mention how difficult it would be for an identity thief to simply re-print the last few documents, but I can’t imagine it would take long to figure out.
Copiers being made today contain encryption program to protect data on the disk, but most copiers out in use are unprotected. Be careful where you copy documents with extensive personal and financial information on them.
6 Comments on “Don’t copy your tax return at just any copier”
Leave a comment
When you post a comment on this blog, you grant us the right to modify or delete your comment, but we have no duty to do so.
It is virtually impossible for people to reprint previous documents printed at a walk-up copier. The copier stores the data on a hard drive because it scans it so that each copy looks identical. Even though it’s not encrypted, a thief would have to take apart the machine and physically remove the hard drive to do anything with it, as there is no way to access the stored data any other way. There is no secret menu, no special button combination that will access the files on the hard drive. Machines like this have big hard drives so that they can scan hundreds of pages at once and collate them in order without having to constantly rescan the original. That’s the only thing these drives are used for. If a thief wanted to try to steal the data, he’d have to pose as a technician, which in most retail stores the employees know the technicians already, and in most offices they have onsite people. Even assuming a thief could get access to a copier, they’d have to know how to take it apart, and know where the drive is to remove it, which is usually in a pretty secure place, not easily accessible.
I’ll just point out that, as the article noted, copier hard drives are rarely wiped clean when copiers are sold. It is a valid concern, although maybe not high on the list of places your personal information is most likely to be stolen from.
MikeB,
I have to respectfully disagree with some of your observations. First depending on the model of DIGITAL copier, jobs maybe stored for up to 24hrs or more depending on how the machine was set up. Second a lot of digital copiers have direct access to the administrative functions thru the front panel. All the operator needs to know is the right combination of key sequences to bring the admin panel up. Practically 90% of all copier/printer installs have the default user id and password as was shipped from the factory. Couple that with the fact that many of the manuals for the devices are online as PDF’s and you have a situation ripe for nefarious doings. Third, do a Google on ‘Black Hat Conference 2006′ there was a presentation and how-to that forced Xerox to develop a patch for a series of their digital copiers. Fourth, many classes of copier/printers that are networked store files in an open CIFS Microsoft share. This is built in by design.
As to access, if the thief knows that the copier/printer does use a share all he would need to do is turn on the feature and let jobs run. Return later with a laptop and jack in with a ethernet cross-over cable and suck the share dry. Yes access would be an issue but like any other theft, timing is the key. Case the joint and observe the busiest times. The staff would probably leave them alone during those periods. One other thing, on certain machines the drive bay is retained by two knurled thumb screws on the external case. So a thief could walk up to a machine and easily take the drive assembly away without any tools.
I am the printer manager/SME for a Fortune 10. I know this because I have done it.
Consumer suggestion:
- Use an analog copier if possible. Go to a library, they are always low man on the totem pole for funding so highly likely they are using an analog device.
- See if the copier has a privacy feature. Some models that are coming out now have essentially a flush button.
- If someone is really paranoid why not invest in a cheap flat bed scanner? A decent one for home use can be had for $75-100. They generally come with software that permits you to store copies off as PDF’s. If you need a copy you just print it off on your own printer.
[...] CE apparently got a mention on KTLK’s “CTX Home and Wealth Show” yesterday morning during a segment on identity theft, referencing my post on the risks posed by copiers. [...]
[...] By the way, you already know to shred old files before throwing them out. Do the same thing with your hard drives, using a digital hard drive “shredder” like Darik’s Boot & Nuke. Do the same for hard copy machine hard drives. [...]
I sell Toshiba digital copiers. Yes information can be gathered off of “Off Lease” trade up or purchased and re-sold copiers. I can walk back to our graveyard of upgraded copiers, take out a hard drive, slave the drive, and get the info. If the copier salesman has sold the customer a copier with an “Optional Security” feature then your safe and a badge or sticker on the front indicates this. Toshiba provides two options “data Overwrite” 1’s and 0’s mud the data so it can not be read(8x) over DOD requirements, cost $300.00. The other half of our copier line, especially the color, the “scrambler board” is standard and is (8x) over DOD. Another benifit Toshiba brings to the table the other copier companies do not is the e-Bridge technology. It is a Linux based platfom and can act as a server itself. Hacking it …. well it has never been done.