Want to know what expenses your boss claimed last month? How much your colleague makes? What the co-worker down the hall is really working on? Forget about hacking their computers – you might want to hit the nearest photocopier instead.

Turns out the newfangled, multi-purpose copy machines in your office keep a wealth of copied data on a hard drive that anyone can hack.

In the age of everything digital, the photocopier is probably the one workplace item you never thought to worry about. It's just making a copy of a document, right? How risky could that be?

Very risky, as it turns out. You might want to press cancel on the copy machine right about now.

Victor Beitner, a security expert who reconfigures photocopy machines destined for resale in Toronto, says businesses are completely unaware of the potential information security breach when the office photocopier is replaced.

They think the copier is just headed for a junkyard but, in most cases, when the machine goes, so does sensitive data that have been stored on the copier's hard drive for years.

"If I was the kind of person looking for certain information, this would be a gold mine," said Beitner, founder of Cyber Security Canada, a security, privacy and threat management company. "People have no clue of what the risks are."

Of the dozens of multi-purpose copiers Beitner has cleaned out in the past two years, he has seen hundreds of scanned documents that would be considered confidential. As a personal policy, he never reads them, but can easily tell where they are by the file names and sizes.

"In almost all the machines I have seen, the files, phone numbers, fax numbers and email addresses are left there as if it was still in the office," said Beitner. "There are files from insurance companies, medical facilities, pharmaceutical and regular office-type documents," he said.

Even though high-volume photocopy machines with hard drives have been around for more than five years – most large offices today would have them, the kind that photocopy 35 to 60 pages a minute – people rarely think of them as computers, said University of Toronto computer science professor Graeme Hirst.

"Modern, large, office-type photocopiers are computers. The whole system is controlled by a computer, it has a hard disk. It scans images and they are stored on the disc," said Hirst. "They are also networked computers, and they have all the same security issues that a computer does, so all the same security issues arise," he said.

Such as being targeted by hackers, said Beitner. Any web-savvy, techno-whiz kid could easily access the hard drive, or send all scans to email or, if they have the password, retrieve copies of confidential documents by simply hooking their laptop up to the copier.

And, as a few Google searches will show you, you don't even need to leave the comfort of your home. The activity of photocopiers linked to an unsecure network can be seen and tracked online. With a few clicks of a mouse, and no knowledge of how to hack, we could see the latest activity of a photocopier in Korea, which included copies of invoices and employee expenses.

"I am at the administrator level of the network," said Hirst. "If the password is changed, I can't get in and change any of the settings. But sometimes, all the logins and passwords are easily found online."

In Toronto, most rented photocopiers are picked up when the lease is almost over, usually anywhere from two to five years. If the copiers are in good shape, they are often destined for auction, where they are bought to be resold. Some end up with dealers, who ensure confidential information is erased. Others can be found on Kijiji or Craigslist, and likely still have crucial data on them.

Some companies, like Rite Copy Service, tell their clients to remove the hard drives and purge them before they are picked up for resale. Or they replace the hard drives. But that costs extra time and money.

The cheaper thing to do, says Beitner, is to make the data inaccessible, clear the memory on the machine and change the pass codes through the machine panel. It doesn't completely wipe the hard drive, but renders it unusable to the average person.

"Ninety-nine per cent of the population can't get to it. But it's the one per cent, the guy who is going to come in the middle of the night, take the hard drive out and scrub all the data off it," said Beitner. "There is still that risk."

Loading... Loading... Loading... Loading... Loading... Loading...

It's an issue that first came to light five years ago, and larger copy companies also came up with solutions, said Dr. Avner Levin, the director of the Privacy and Cyber Crime Institute at Ryerson University. Companies like Xerox now have enhanced security measures that enable an office to remove the hard drive and do digital shredding.

Levin says this is really part of a larger issue – the lack of awareness about technology in the everyday work environment.

"People in general aren't very good about storing their data, but here is a case where they don't even know their data is being stored," he said. "I think few people think about the consequences of the technology they are using."