Baton Rouge, La. (InvestigateTV) — Honduras native Carlos Rubi found his calling protecting networks in America’s private companies and public entities after settling in his second home of Houston, Texas, about ten years ago.
“It didn’t matter my accent, as long as I was here to try and help people, they would be willing to receive me,” Rubi said.
Rubi, a cyber security expert, now works for LA Computech, a company headquartered in Louisiana that is responsible for making sure public and private entities are secure. The company supports networks and systems at nearly 3,000 locations across the country.
For more than a decade, Rubi has found success learning about risks and securing networks.
“And that’s the part that I love,” Rubi said. “That’s what helped me.”
Rubi is now focused on what he believes is an overlooked cybersecurity risk: multifunction printers.
He and his business partner, Nate Michel, are on a public awareness campaign to let people know poorly protected printers can give hackers a key to get right into a network.
“We found a gap. We found a gap in cybersecurity,” Michel said.
That gap, Michel said, has led to vulnerabilities from coast to coast. Earlier this year, InvestigateTV found possible printer problems across the country after receiving a confidential audit of several agencies’ machines.
Humming in the corner of offices across America, many modern office printers and multifunction devices do more than scan and copy documents. Depending on the model and settings, they may store documents, scan histories, address books, network settings or other sensitive information. Modern office printers can also have hard drives, firmware and default passwords that may never get changed.
Based on a global study of more than 800 IT and security decision makers last year, only 36 percent applied firmware updates to printers promptly, leaving unpatched printers more vulnerable to hackers.
“The findings show that platform security is being overlooked, leaving concerning security gaps,” an HP news release said.
“People don’t think that whenever a document is sent to the printer or scanned on the printer that it’s stored inside of a drive on that printer,” Michel said.
Without proper network protections and security updates, cybersecurity experts say printers can become one path cybercriminals use to try to gain access.
In 2025, one of the largest data breaches in American history occurred when hackers infiltrated Conduent, a third party printing and back office processing company.
Texas Attorney General Ken Paxton demanded details about how the sensitive information of approximately four million Texans was exposed.
“The Conduent data breach was likely the largest breach in U.S. history,” Paxton said. “If any insurance giant cut corners or has information that could help us prevent breaches like this in the future, I will work to uncover it.”
Nationally, it has been reported the number of impacted Americans is closer to 25 million. Exposed information reportedly included Social Security numbers, addresses, birthdates and medical information.
“A hacker can easily get to a printer through your guest Wi-Fi,” Rubi said.
InvestigateTV submitted dozens of public records requests across America for printing contracts and the make and model of printers used by state police, sheriffs’ offices, police departments, local counties and district attorneys.
Only a handful responded. Most of the contracts InvestigateTV reviewed did not specifically mention firmware updates, malware protection or any other security measures, leaving that responsibility largely to the public entities leasing that equipment. Michel said managed print services, also known as MPS, should include these security protocols in contracts.
“This was all pervasive in all industries, across all companies, across government, private industry all of it. It’s a serious problem,” Attorney Jarrett Ambeau said.
Ambeau represents Michel and Rubi as they raise concerns about potential vulnerabilities in not just law enforcement, but doctors’ offices and schools across America.
“The purpose isn’t to say, you’re doing bad. It’s to say, hey, there’s a problem here, and the problem needs to be fixed. It doesn’t really matter whose fault it is. Let’s not get caught in the weeds about whose fault it is. Let’s just find a solution,” Ambeau said.
The FBI’s Criminal Justice Information Services Division establishes minimum security requirements for agencies that handle criminal justice information, including fingerprints and other criminal records. But people familiar with the process said they need more clarity about printers.
Longtime Louisiana Sheriff Bobby Webre said communication from the feds to the state to the local level has been spotty at best.
“It’s probably not isolated just in Louisiana. It’s probably happening all over the country,” Webre said.
Webre said those communication gaps are concerning. He said although his printers were up to date, he never dreamed something that prints a document could open up his network to a hacker.
“I’m not worried about just printers. I’ve got to worry about all of it, including the laptop sitting in the deputy’s car, his radio on his side, his body camera on his chest. They touch something, too. They touch networks. They have vulnerabilities,” Webre said.
Across the street, those vulnerabilities were too risky for a different public official. Mert Smiley is the assessor of Ascension Parish, one of Louisiana’s fastest growing parishes and home to a $6 billion Hyundai steel mill currently in the works. It’s one of the state’s most significant economic development announcements in history.
“Ascension Parish, because of our petrochemical industries and all the new plants that are coming, we now have just tons of new people coming in,” Smiley said. “We went from 33,000 parcels to 65,000 parcels in just the brief time that I’ve been assessor.”
With that explosive growth comes more data and more risk. This year, Smiley replaced all of his office’s printers after Michel’s company told him his existing machines were vulnerable.
“I had to make a change because our printers were so old, and I felt that we needed to protect the people,” Smiley said. “We have phone numbers, we have social security numbers, things like that, and I think that it would be to the best interest that other countries and hackers would not know that information.”
With this hidden risk, Michel and Rubi said they’ve developed software designed to identify printer weaknesses, including devices that are too old to even receive security updates.
“Just because it doesn’t hurt right now, doesn’t mean it won’t hurt in the future. And the best prophylactic for you being attacked by someone is to make sure that you’re secure. Maybe this printer will never cause a problem, but making it secure might save me hundreds of thousands of dollars in ransomware,” Ambeau said.
For Rubi, the country that gave him a new life is worth fighting for. It’s why he and Michel are trying to prevent network nightmares with a loud wake-up call.
“Once they’re in the network, they’re able to reach any printer that has the default credentials, and they have full open doors to do whatever they want,” Rubi said.
The FBI’s Criminal Justice Information Services Division said law enforcement agencies rely on secure systems to protect criminal justice information, and the CJIS Security Policy establishes minimum controls to safeguard that information.
“Multi-function printers, which may process CJI, represent a significant security risk when their firmware, software, and network configurations are not kept current with modern security requirements. Outdated or unpatched devices can expose agencies to vulnerabilities that allow unauthorized access, data interception, or improper storage of CJI,” the FBI CJIS Division said in a statement.
The division said the CJIS Security Policy control addresses unsupported components. Support for system components includes software patches, firmware updates, replacement parts and maintenance contracts.
“An example of unsupported components includes when vendors no longer provide critical software patches or product updates, which can result in an opportunity for adversaries to exploit weaknesses in the installed components. Because the CJIS Security Policy applies to all hardware and infrastructure that process, store, or transmit CJI, all agencies, including local, are required to ensure these devices meet the same security standards as any other system connected to criminal justice networks. Failure to update multi-function printers’ software and firmware may result in non-compliance with CJIS requirements, increased audit findings, and heightened exposure to cyber threats targeting law enforcement systems,” the FBI CJIS Division said.
Conduent said the company acted quickly by notifying clients, authorities and publicly disclosing the breach.
“We acted quickly and in alignment with incident response protocols to understand and address this issue. We brought in independent cybersecurity experts, notified our clients and the appropriate authorities, and publicly disclosed the incident. We’ve also been working closely with our clients to support individuals who may have been affected,” a Conduent spokesman said.
The company said notifications were sent on behalf of clients to individuals with information about what happened, the resources available to them and what they can do next. Those notices included steps people can take to help protect their information and, where applicable, access to credit monitoring.
“Importantly, so far there is no evidence that any of the data involved has been misused, posted, or made publicly available. We continue to monitor closely and remain committed to supporting our clients and the individuals they serve,” the spokesman said.
Copyright 2026 Gray Media Group, Inc. All Rights Reserved.
Network Nightmares: America’s printers carry hidden hacker risks – WOWT
Leave a Comment
