There’s a potential data thief sitting in every business and office.

It’s the copy machine, and it’s a “gold mine” for an identity thief, one that is only limited by the content you share on it.

As office pranksters have known for decades, a photocopier is just what it sounds like: a device that takes a photograph of something—whether it’s Bob from accounting’s face or your expense report—and uses that photograph to print a copy. In today’s more tech-savvy terms, a photocopier works exactly like a scanner, which makes a digital copy of the document in order to produce a hard copy later.

So what happens to all of these “photographs” the copier takes?

They get stored on the copier’s hard drive if the copier machine was made since 2002. This hard drive can contain tens of thousands of images stored on its hard drive, essentially retaining a copy of everything that has ever been copied on that machine.

That means that your sensitive information that you may have copied, everything from your tax returns to financial applications to bank statements, is stored deep within the copier on its internal hard drive. Identity thieves know that, and they’re enlisting the help of copier machine repairmen to go into the machine and retrieve those images from the hard drive, providing them access to any information about yourself that you copied.

Even more alarming than the potential for stealing the hard drive out of the copier itself is the understanding that the late-model copiers, the kind that connects all of the computers in the office for wireless printing, are actually computers…and computers can be hacked. Someone who is not on site and does not have the password can easily locate the copier’s network and log in as an administrator, then simply send all of the scanned documents to his own email address.

Copier manufacturers have gotten better at incorporating security measures that let business owners delete the hard drives and destroy any digital copies of documents that are copied, but that feature only works if individuals are aware of the problem and take those steps. Making sure the copier is password protected is important as well, but again, this level of protection is only there if companies use it.

There are some ways to protect your sensitive information from copier theft.

1. Make sure your workplace is aware of the dangers that copy machines can pose, and make sure that adequate steps are put in place to protect your company’s or employees’ data.

2. When your company’s copier lease is up, make sure the hard drive is erased before sending it off to the warehouse and receiving your new copier.

3. If repair work is being done, be certain that the copier company has sent this technician and knows him, and not just hired a third-party contractor without a thorough background check; you might actually consider having someone stay with the repairman during any work on the machine just to oversee the work.

For your own personal safety, it’s a good idea to avoid copying any sensitive personal data at work, even if your company doesn’t mind employees using the machine for personal copies. Remember that the fax machine incorporated in the device functions in the same way and that it will also scan and store the documents. Anytime you have to send your confidential personally identifiable information, consider making the copies or scans at home on your private printer-scanner-copier and simply emailing them to their destination through your encrypted email.

Have questions about identity theft? Download the free ID Theft Help app for on-the-go assistance.