Photocopier Fallout: Company Notifies 409,000 of Data Breach

By: Michael Rey
Topics: News

When Armen Keteyian first reported the story on digital copiers and their hard drives on April 19, there were no known cases of data breaches coming from copy machine hard drives.

In an ironic twist, our story became the first publicly known case of a data breach from a copy machine hard drive when we purchased a copier that had once been owned by Affinity Health Plan.

Because of medical privacy laws, Affinity was required to then file a breach notification to state and federal regulators and notify all of its clients and everyone who might have ever had information on Affinity copy machines, including current and former employees. They sent out a breach notice on April 5, saying the company had been told of the hard drive problem on March 17th, the day they were first contacted by CBS News.

Affinity told 409,262 individuals that their personal or medical data may have been compromised, according to a filing with the New York State Consumer Protection Board.

Medical records for nine individuals were found on the digital copier that we purchased in a wholesale warehouse. The copier had once been in use at the Affinity headquarters in the Bronx.

On that same copier, we also found hundreds of pages of non-medical documents, including driver's licenses, social security cards, W-2 forms and even a handwritten love note.

CBS News returned the hard drives in a sealed envelope to a representative of Affinity on April 8.

4 Comments +

Add a Comment


by walleyek April 27, 2010 10:54 AM EDT: Copy machine hard drives should be the self-encrypting variety. A user must authenticate to it just like he/she would to their computer's encryption system.; Reply to this comment


by IT_Department_Guy April 27, 2010 9:01 AM EDT: FYI -

What most Employees do not realize is that any paper document you put on a photocopy machine and copy (whether private or business) is automatically "digitalized" and is immediately viewable by your IT Guy on his computer screen (if he/she has high enough company IT access rights).

So it's not just after the photocopy machine is sold that your paper copied document is viewable by a stranger, it's the second you press the "copy" button that someone in your company can (electronically) look over what you've just copied on the photocopy machine right from their PC.; Reply to this comment


by bobnjersey April 26, 2010 6:35 PM EDT: [Affinity told 409,262 individuals that their personal or medical data may have been compromised, according to a filing with the New York State Consumer Protection Board.

Medical records for nine individuals were found on the digital copier that we purchased in a wholesale warehouse. The copier had once been in use at the Affinity headquarters in the Bronx. ]

excellent ... nine people's records were found on the copier ... and they notify over 400,000 people of a medical records breach?; Reply to this comment


by kenhamlett April 26, 2010 6:13 PM EDT: This highlights the value of the news media in exposing what would otherwise have been ignored by the companies and law enforcement. This is not the first known case but it has been routinely ignored even portrayed to me as legal to accumulate other peoples documents and data from copy machines. I see no difference between copiers, computers or file cabinets. All can be abused.
I would like to thank CBS for bringing this to the attention of the public. Maybe this time someone will listen.; Reply to this comment

Popular Now in CBS Evening News

recommended

Follow CBS News Investigates

Got a Tip?

Contact the CBS News Investigative Unit
investigates@cbsnews.com
212-975-7171

Most Popular on CBS News

Stories More »

Videos More »

5 Photos | View Gallery »
Photos: Inside the jail cell of Jodi Arias
17 Photos | View Gallery »
Fla. teen charged over underage same-sex relationship
16 Photos | View Gallery »
British flower show in full bloom
7 Photos | View Gallery »
Hofstra Univ. student killed in police standoff
39 Photos | View Gallery »
Billboard Music Awards 2013

Scroll Left

Scroll Right More »

CBS News on Facebook

Photocopier Fallout: Company Notifies 409,000 of Data Breach

Report offensive content:

E-mail this comment to a friend.

Follow CBS News Investigates

Got a Tip?

48 Hours iPad App