Firms face legal risk from data on secondhand photocopiers

An investigation by the News of the World found that thousands of old photocopiers are being sold whilst still containing sensitive data left in them by the previous owners. They say this data could include personal and financial information, or even records from a government linked defense firm as in the case of one copier they purchased and analysed.

The paper purchased a Canon copier for £411.24 from office machinery reseller JKBM.com of Ashford. They were able to recover documents and faxes from the internal hard disk including a purchase order from aerospace firm BAE Systems and NATO briefing notes. There was also a direct debit instruction with details of the firm’s bank account, along with an authorised signature. They were most outraged by the fact that JKBM exports much of their equipment to fraud hotspots Nigeria and Ghana.

Independent security experts say the photocopier data disclosure risk has existed for about eight years, but few firms are aware of the risk, so disks are rarely wiped. Obtaining the data was as simple as removing the hard disk and scanning it with free software.

News of the World passed on it’s information to the Information Commissioner’s Office (ICO) which said it will look at the evidence to see if any breach of the Data Protection Act has occurred and if any regulatory changes are needed.

Jonathan Care, Head of Fraud and Compliance at information research and risk management consultancy MWR InfoSecurity, said: “This information is extremely valuable for an identity thief. I suspect a lot of organisations disposing of equipment will be shocked how easily their customers’ data can be lost.”

News of the World