Modern, high tech photocopiers come with hard drives and they’re easy to hack. You probably never thought twice about making a copy of your paycheck or insurance claim, but, if you do it at work, you might want to think twice.

Victor Beitner, a security expert who reconfigures photocopy machines destined for resale in Toronto, says businesses are completely unaware of the potential information security breach when the office photocopier is replaced.

They think the copier is just headed for a junkyard but, in most cases, when the machine goes, so does sensitive data that have been stored on the copier’s hard drive for years.

“If I was the kind of person looking for certain information, this would be a gold mine,” said Beitner, founder of Cyber Security Canada, a security, privacy and threat management company. “People have no clue of what the risks are.”

Of the dozens of multi-purpose copiers Beitner has cleaned out in the past two years, he has seen hundreds of scanned documents that would be considered confidential. As a personal policy, he never reads them, but can easily tell where they are by the file names and sizes.

“In almost all the machines I have seen, the files, phone numbers, fax numbers and email addresses are left there as if it was still in the office,” said Beitner. “There are files from insurance companies, medical facilities, pharmaceutical and regular office-type documents,” he said.

So, just how easy is it to access the information?

Any web-savvy, techno-whiz kid could easily access the hard drive, or send all scans to email or, if they have the password, retrieve copies of confidential documents by simply hooking their laptop up to the copier.

And, as a few Google searches will show you, you don’t even need to leave the comfort of your home. The activity of photocopiers linked to an unsecure network can be seen and tracked online. With a few clicks of a mouse, and no knowledge of how to hack, we could see the latest activity of a photocopier in Korea, which included copies of invoices and employee expenses.

If your company has one of these newer copiers there are several options to take to ensure the data is removed. If it’s to be resold at auction, erasing the hard drive is a good start. Clearing the memory and changing the passcodes make it inaccessible to most people. Removing the hard drive and replacing it with a new one is an even better option.

The flaw in the system consists of the fact that photocopiers were designed to not erase data as soon as the copy was made. There are some machines that do this, such as Xerox, but not all copiers are designed this way. It would be a good idea to ask your vendor before making such a crucial purchase. There is never a legitimate reason to keep photocopied data for years.