Digital copiers could be an identity theft threat

Office photocopiers can provide a wealth of information for identity thieves, either while the photocopier is being used at your office, or later after it's sold to a third party. How? If it's a newer digital model it will likely have a hard drive that could be ripe for hacking.

Hard drives installed in digital photocopiers store images of every document that's been scanned or copied. Unless certain precautions have been taken, the data remains stored on the hard drive. Once the drive becomes full, prior data is then overwritten.

If your photocopier is connected to an office network, web-savvy hackers could gain access over the internet and download document images stored on unprotected machines.

There are serious security issues regarding data stored not only on photocopier hard drives, but on computer hard drives as well. Business owners and office administrators have several options to help protect the data that's stored on them:

  • Disk-scrubbing software — Before selling or disposing of a computer or digital photocopier use a program that "scrubs" the hard drive or renders the data unusable. Doing so may prevent a cyber thief from finding any useful data to steal.
  • Encryption software — Install software that prevents data from being stored or that encrypts data that's already on the hard drive. Some manufacturers such as Sharp and Xerox offer such security packages with their products.
  • Password protection — Although it may be routine practice to password protect computers, businesses may overlook the importance of passwords for digital copiers. These would be the passwords that network hackers could use to gain access to a copier's hard drive. Make sure to use passwords that cannot be guessed easily and to change them regularly.
  • Vendor services — Vendors are available to remove, replace or dispose of hard drives. Your copier manufacturer or copier service company may offer similar services.

Good security practices require businesses to protect personal information and dispose of it in a manner that renders it unreadable.

Personal information includes an individual's first and last name in combination with a Social Security number, driver's license number, financial account number or individual taxpayer identification number.

A business that keeps electronic records of its customers' personal information must use reasonable measures that are appropriate to the nature of the personal information and the nature and size of the business.

A business that disposes of paper records containing personal information must take reasonable steps to destroy the records in a way that will prevent unauthorized access to, or use of, the information.

Improperly disposing of consumers' personal information could be considered a security breach. If a security breach occurs, you may have a legal obligation to provide notice to consumers as soon as reasonably possible. You should consult with your legal counsel about your specific obligations.

The Hanover offers insurance against data breach or cyber security exposures. Consult your Hanover agent about insurance products designed to protect your organization.

Based on information from the Maryland Attorney General's Office.

This material is provided for informational purposes only and does not provide any coverage or guarantee loss prevention. The examples in this material are provided as hypothetical and for illustration purposes only. The Hanover Insurance Company and its affiliates and subsidiaries (“The Hanover”) specifically disclaim any warranty or representation that acceptance of any recommendations contained herein will make any premises, or operation safe or in compliance with any law or regulation. By providing this information to you..The Hanover does not assume (and specifically disclaims) any duty, undertaking or responsibility to you. The decision to accept or implement any recommendation(s) or advice contained in this material must be made by you.

LC OCT 2018 10-213 H
171-0996 (4/18)