The Truth About Copier Hard Drives. Tips For Securing Your Data!

Four years ago the American news network CBS launched a story titled ‘Digital Photocopiers Loaded with Secrets’. The journalist who reported on the story, CBS News’ chief investigative correspondent Armen Keteyian, claimed that every digital copier or an MFP had a hard drive which stored an image of every document which was ever scanned, copied or mailed by that specific MFP unit. This security leak could potentially lead to information thefts worth millions of dollars or endanger privacy of thousands of individuals, leading to other various wrongdoings.


The report described how the CBS News purchased a few used MFP units from a warehouse in New Jersey. They managed to recover hundreds of digitalized documents from the units using a data recovery program which can be found online for free; they recovered documents of the Police Sex Crime Division and multiple documents used by companies (construction and even insurance companies) – and the entire process lasted less than 12 hours. Naturally, the story spread quickly, and millions of MFP users were worried about the security of their data. The CBS News journalists claimed that MFP manufacturers are not aware of trouble this security leak could cause and urged the users to make sure they had erased their data before decommissioning or selling old MFP units.

How much of the story is true, you may ask yourself, and how much is the notorious sensationalism so often found in mass media? The story gained national attention in the United States, and several major MFP manufacturers released separate statements refuting the journalists’ claims. The manufacturers claimed that, although MFPs have hard drives used for storing the data which is copying/mailing/faxing at the moment, the documents don’t remained stored on the hard drive or in the DRAM memory.

Whether a certain MFP unit saves every document it ever scanned depends on the model and its configuration, but they do not store all these images by default; their hard drives are not big enough either way. Xerox and Sharp stated that their MFPs use an overwriting method so that the older documents don’t remained stored.

But, interestingly, a majority of MFP manufacturers offer data security kits. The kits ensure that the DRAM memory is cleared after every use of the MFP unit and encrypt all data which is stored on the hard drive. They start and run automatically at all times and have certain overwriting subroutines which make the deleted data impossible to retrieve. So, why do the manufacturers offer these security kits if the hard drives do not retain the documents? It is because an MFP located at an average workplace has names, e-mail addresses, and fax numbers – an entire address book containing potentially private data which is thus protected by the security kit. If an MFP model has an option to create a server where all employees can save the copied documents, the security kits would encrypt and protect that data as well.

We can thus say that the CBS story was in many ways overblown. Although it is possible for some MFP units to store previously scanned documents, they do not so by default and they simply don’t have the capacity to store all faxed, scanned or copied documents. But the report had many positive consequences; it raised awareness on data security and MFP manufacturers upgraded the existing data security methods and (more importantly) began educating their users on how to protect their documents.

Still, even if the most of the story proved to be false, there are other ways someone can retrieve or steal data from an MFP unit. If you own or manage an MFP at your business, we suggest you pay attention to the following, we dare to say, more realistic concerns.

- Physical access to the unit – Who can access the copier unit? How many employees, customers or technicians? Are technicians asked to show some credentials or an impostor could slip in without much trouble? If the copier contains some crucial sensitive information which could be labeled as trade secret, then it should be protected by restricting access to the unit.

- Network connection – Most workplace MFPs are part of some local area network, but use a proprietary OS, which makes any information theft nearly impossible. But, just to be sure, you can check out if there are any security holes with your specific MFP by visiting the American National Vulnerability Database (

- Configuration – Almost all MFPs can be configured through a web interface, which is protected by password (the address book can be accessed in the same manner)- be sure the password is not the default one!

- MFPs in public – Experts strongly suggest not using any public copiers when faxing or copying crucial information, as you can’t know the configuration of the unit, that is, whether the MFP will save a copy of each document it copied or faxed.

And finally, what should you do to secure your MFP? It’s important to realize that MFP security (both physical and digital) should be a part of your company’s IT security policy. Here are some things to look into when securing the MFP unit:

- The MFP industry has already established a set of security standards which all manufacturers tend to meet; the two well-known certifications are IEEE-2600-2008 and ISO 15408 Level 3 Certification – when deciding which MFP model to purchase, always make sure the model has these certifications.

- What level of security do you need? You’ll have to decide whether the MFP will have any access control like user authentication, passwords or different accounts.

- MFP manufacturers and distributers should inform their customers about data security packages. As we’ve already stated, if you have any concerns regarding security, data security kits should provide all the safety you require.

- Hard Drive disposal – As your MFP approaches the end of its lifetime, decide what will happen do its hard drive. You can destroy it, keep it and eventually install it in some other piece of equipment or send it back to the MFP manufacturer, where it will be scrubbed.


You have no items in your shopping cart.

Track package

Brak loga
Brak loga