Old photo-copier spills defence documents
By Guy Basnett and Pete Warren
THOUSANDS of office photocopiers containing secret or personal information are being unwittingly flogged off to potential crooks, we can reveal.
We expose how Britain’s businesses are carelessly throwing away people’s personal and financial information that has been left stored on used office equipment.
And we show just how easy it is to retrieve, by buying a cheap second-hand copier from a dealer and finding it crammed with records from a Government-linked defence firm.
Worse still, like thousands of other office copiers, it was destined for export abroad to fraud hotspots in West Africa.
Our investigation began after we learned modern multi-purpose photocopiers, that double up as printers, scanners and fax machines, use computer-style hard drives to store data.
But very few businesses – or customers – are aware of the risk, so disks are rarely wiped.
Our machine contained data from companies owned by Cobham Plc, a defence firm supporting military aircraft and training helicopter pilots.
And simply removing the disk and scanning it with free software readily available on the internet we were able to read page after page of documents and faxes scanned as recently as April.
One showed a purchase order dated April 9 from aerospace giant BAE Systems worth £644,890, while another bundle included briefing notes from military alliance NATO.
Another included a direct debit instruction complete with bank details and the signature of an authorising staff member.
HR records showed a request from FR Aviation to the Defence Vetting Agency to check the National Security Clearance status of a new contractor, giving his name, date of birth, and previous employment.
One sheet gave medical details and appointment times for a member of staff, while another showed computer information.
The data haul would prove a goldmine to fraudsters, computer hackers and even spies or potential terrorists.
Now the Information Commissioner’s Office says it will look at our evidence to see if the Data Protection Act has been breached, and if any regulatory changes are needed.
Jonathan Care, Head of Fraud and Compliance at information research and risk management consultancy MWR InfoSecurity, said: “This information is extremely valuable for an identity thief.
“I suspect a lot of organisations disposing of equipment will be shocked how easily their customers’ data can be lost.
“It’s my view that what we see with this one case is just the tip of an iceberg.
“Britain’s businesses need to be aware of the threat.”
Incredibly, like hundreds of other machines from offices, ours was destined for Africa and other buyers overseas.
We bought our Canon for just £411.25 from JKBM.com Ltd, in Ashford, Kent, which specialises in selling on ex-lease or repossessed office machinery and copiers – many for export.
We bought our IR3100CN copier with 40GB hard drive from dealers JKBM.com Ltd, in Ashford, Kent, who send many abroad, especially to Nigeria and Ghana.
Owner John Taylor said: “God’s honour, I’ve never given it a thought.
“Obviously I’m aware of this with computers but I’ve never thought about copiers. We’re not malicious, we’re just photocopier engineers.”
Cobham Plc told us: “We take data privacy very seriously and have rigorous procedures. We are taking all necessary steps to recover the equipment and its data and ensure there’s no recurrence.”
This story first appeared in the News of the World under the headline ‘Copier Cat crime’ on the 18th of July, 2010.