We all use copy machines to copy all manner of documents containing sensitive personal information, such as income tax returns, however, many people don’t take the time to think about the fact that today’s copy machines generally contain computers and are a part of the Internet of Things whereby data can be transmitted by them and, of course, anything that can store and transmit data can be hacked.  Since 2002 most copy machines have contained hard drives that store the images of everything that is copied.  Enterprising identity thieves buy used copiers, often those returned after being leased for a period of time, to steal the information contained in the copy machine’s hard drive and use it for identity theft.

In 2010, the Affinity Health Plan lost sensitive personal data on 344, 579 people when copy machines with unerased data were returned to the leasing agent following the completion of the leases on the copy machines.  In this case, the information lost included pay stubs and Social Security numbers.

Newer copy machines can encrypt the data in its hard drive or erase the data, however, some purchasers or leasers of copy machines neglect to pay the extra cost for those services, leaving the people whose data is copied into the machine in greater potential jeopardy of identity theft.


If you are using a copy machine at a copy center to copy sensitive documents, make sure that the copy center encrypts the data it stores.  You should also make sure that copy machines you may use at work to copy documents with sensitive personal information also encrypt the stored data and that the hard drive is removed when the copy machine is returned at the end of a lease or replaced by a new copy machine.  Most home copiers that generate fewer than 20 pages per minute do not have a hard drive and do not pose the same problem of identity theft.