A simple errand to Staples turned into a nightmare for a Southern California woman when her attempt to print some copies resulted in a scary security breach.
She found out the hard way that bringing personal documents to an office store could result in your private information falling into the wrong hands.
Deborah, who wanted to be identified by only her first name, used to pop her flash drive into her laptop without a second thought. But not anymore.
She’d dropped off a flash drive holding hundreds of personal documents – some bearing her social security number – to make some copies at a Placentia Staples store.
Local news from across Southern California
When she picked up her documents, she got a nasty surprise.
“When I finally put it in my computer and opened it up, I said, ‘Oh my god, my files aren’t there!’ did they accidentally wipe out my files?” she said.
The store had apparently mixed-up her drive with someone else’s.
“I noticed other people’s files, someone’s tax returns, invitations, car dealership and some were in Spanish,” she said.
Deborah used the tax returns to track down the drive’s owner, an Orange County businesswoman who asked NBC4 to not be publicly identified because she is worried the breach might panic her customers.
“Oh, I feel so violated,” the woman said.
Deborah said it took Staples 24 hours to track down her missing drive. Employees told her they found it in a store safe, but she believes some of her documents were missing.
After the company was contacted by the I-Team, a Staples spokeswoman said “we are not aware of any protected personal information being compromised,” but, “we have improved our labeling procedures so this doesn’t happen again.”
“I told them – ‘I’m sorry’ is fine, but that doesn’t give me peace of mind,” Deborah said.
Drive mix-ups aren’t the only risk you could encounter at your local office store.
Inside every modern copier lives a hard drive that automatically stores every image that’s printed.
“All the details that you print or scan, all the information is there,” said one local copy machine store owner.
EZ Office Machines in Los Angeles buys used copiers and pulls out the old drive before reselling them.
“There is a risk if you leave it inside,” the business owner said.
And if the printer at your corner copy store or your office is sold to a new owner, your information could go with it.
“About five years ago, several fraud rings were busted buying recycled copy machines where all the images were saved in the hard drive, and probably the more concerning was police departments had recycled their copy machines and all the photocopies and police reports were in the hands of the criminal element,” said Eva Velasquez, who runs the Identity Theft Resource Center.
Her advice: be your own privacy advocate, which means being more aware of where you plug in or print.
“We really have to shift our thinking that these wonderful devices are in a bubble. Our fax machines and our printers can be ports into our servers,” Velasquez said. “Our handheld phones, our smartphones, are not just phones -- they are little computers. And we have to treat them as such.”
The I-Team reached out to several office store chains to see how they safeguard consumers’ private information.
Office Depot said the company “works together with third-party vendors to protect our customers’ privacy.”
FedEx said hard drives in digital copy machines are physically secured and customer data is deleted after each transaction.”
A spokeswoman said team members must also pass a background check and get confidentiality training.
Staples has not yet responded to the question.