What I am finding really absurd about this whole thing is, the photocopier companies knew about this (obviously), and a number actually had services/software available to wipe the drives - but failed utterly in actually telling anyone who might care about them.
My gf works at a hospital and there are many panties in a twist about this right now. She contacted one of their major photocopier providers and asked about what happened to the ones they had on lease that were returned in the last few years. "Oh, they were sold, or scrapped, or given away... couldn't really tell you for certain though." So the obvious question: "Did you wipe the drives first?" "A: No, that wasn't included in our contract with you." - because nobody knew about this 'feature' when the contracts were written!
Massive fail both security wise and from the sales side on missing easy upselling. Very likely any hospital or police dept would gladly have paid for these services had they know it was necessary.
My gf works at a hospital and there are many panties in a twist about this right now. She contacted one of their major photocopier providers and asked about what happened to the ones they had on lease that were returned in the last few years. "Oh, they were sold, or scrapped, or given away... couldn't really tell you for certain though." So the obvious question: "Did you wipe the drives first?" "A: No, that wasn't included in our contract with you." - because nobody knew about this 'feature' when the contracts were written!
Massive fail both security wise and from the sales side on missing easy upselling. Very likely any hospital or police dept would gladly have paid for these services had they know it was necessary.