Disposing of or preparing a corporate printer or a conferencing unit for sale involves more than simply unplugging the device. Modern office devices are essentially small computers that are often equipped with storage, network access and sensitive configuration data.

We have compiled a collection of stored sensitive data by device type to highlight the importance of safely preparing devices for disposal. In subsequent articles, we will provide practical recommendations for this process.

You can also see our article on preparing Windows, MacOS, Android, and iOS devices for resale and disposal.

So, what information can different types of office devices store?

Printers

Multifunction printers (MFPs / All-in-Ones):

These are the most “data-rich” because they combine printing, scanning, copying and faxing.

• Print job histories (cached documents waiting to print, sometimes retained afterward).
• Scanned documents (temporarily stored, sometimes archived).
• Copied pages (cached like scans).
• Fax logs and transmitted faxes.
• User authentication data (PINs, usernames, LDAP/AD credentials).
• Address books (for fax and email functions).
• Network settings (Wi-Fi Service Set Identifier (the name of a wireless network / SSID), passwords, IP configs, Simple Network Management Protocol (SNMP) info).
• Cloud service connections (Google Drive, OneDrive, Dropbox logins).
• Audit logs (who printed what, when, and from which account).

Not all MFPs retain data after power-off, some use volatile memory unless an internal HDD or SSD is present.

Regular printers (laser/inkjet, single-function)

Less complex, but still may store:

• Cached print jobs (especially if the printer has internal memory or a hard drive).
• Network settings (SSID, Wi-Fi password, IP address).
• User authentication info (if connected to secure print or pull-print systems).
• Firmware update history.
• Error logs (sometimes including job info).

Label or receipt printers (e.g., Zebra, Epson, Brother, Bixolon)

Usually simpler, but modern networked/USB models can still store:

• Stored label templates or layouts.
• Recent print history (last labels, receipts printed).
• Logos or graphics uploaded for repeated use.
• Wi-Fi / Ethernet network settings (including credentials).
• Cloud or management portal connections (e.g., Zebra Print DNA, Epson Cloud Solution PORT).

Why this matters for disposal or resale:

• MFPs are the highest risk because they often have full hard drives inside. Without wiping them first, sensitive scans or print jobs can be retrieved.
• Regular printers: Lower risk, but network credentials and cached jobs can leak.
• Label printers: Often overlooked, but Wi-Fi details or stored templates could expose internal info.

Network equipment

Wi-Fi routers and gateways (often combined with modems):

• Admin credentials: Web User Interface (Web UI) and Command Line Interface (CLI).
• Wi-Fi SSID and passwords.
• Firewall and Network Address Translation (NAT) rules.
• Port forwarding and VPN configs.
• Internet Service Provider (ISP) login details (Point-to-Point Protocol over Ethernet (PPPoE), static IP creds).
• Logs (device activity, Dynamic Host Configuration Protocol (DHCP) leases, connected clients).
• Cloud account links (if managed via vendor cloud apps).

Network switches:

• Admin credentials.
• Virtual Local Area Network (VLAN) configurations.
• Port security settings.
• SNMP community strings, management passwords.
• Access Control Lists (ACLs).
• Logs of network traffic and connected MAC addresses.

Access points:

• Wi-Fi SSID and passwords.
• Controller association (e.g., UniFi, Aruba Central, TP-Link Omada).
• Certificates and RADIUS credentials (for enterprise Wi-Fi).
• Cloud portal accounts.
• Logs (client connections, usage history).

Firewalls and Unified Threat Management (UTM) devices:

• Admin/root credentials.
• Firewall rules and NAT policies.
• VPN settings (site-to-site and remote user).
• User accounts (employees, admins).
• Certificates and private keys.
• Logs (traffic, intrusion detection, user activity).
• Cloud accounts (e.g., FortiCloud, Sophos Central).

VPN gateways and appliances:

• Admin credentials.
• VPN user accounts and passwords.
• Certificates and keys.
• Site-to-site VPN configurations.
• Logs of connections (source IPs, user activity).

Network attached storage (NAS) devices:

• User accounts and passwords.
• Shared folders, file data, backups.
• Encryption keys (if enabled).
• Cloud sync accounts (Dropbox, OneDrive, Google Drive).
• Internet Small Computer System Interface (iSCSI), Network File System (NFS), Server Message Block (SMB) configs.
• Linked domain accounts (AD/LDAP bindings).
• Many NAS also store SSH keys or API tokens for automation/backup tasks.
• Logs (file access history, user actions).
• SSH keys, API tokens, or backup job credentials often stored by Synology/QNAP.

Voice over Internet Protocol (VoIP) gateways / Phones / Private Branch Exchanges (PBXs):

• Session Initiation Protocol (SIP) credentials (username/password for provider or PBX).
• Admin passwords (device UI, PBX web interface).
• Call logs, voicemail.
• Phonebooks, contact directories.
• Cloud service connections (e.g., Cisco Webex, Zoom Phone).
• Wi-Fi, network settings (if wireless).

These devices may store credentials, configurations, logs, or files that attackers could exploit if they are not wiped before disposal. Even seemingly harmless devices, such as access points or VoIP phones, can expose Wi-Fi passwords, SIP accounts, and cloud logins.

Conferencing equipment

Cameras and video conferencing units (e.g., Logitech Rally, Poly Studio, Cisco Webex Room):

• Device logs with meeting times, participants, call history.
• Saved Wi-Fi/network credentials.
• Cached files from screen sharing or recordings (if device has storage).
• Linked cloud accounts (Zoom, Teams, Webex, etc.).
• Certificates/keys used for secure connections.

Smart whiteboards and collaboration displays (e.g., Microsoft Surface Hub, Samsung Flip):

• Stored meeting notes, drawings, screenshots, and annotations.
• User accounts and synced cloud drives (OneDrive, Google Drive, SharePoint).
• Calendar integrations (Exchange, Google Calendar).
• Network settings (Wi-Fi, VPN, proxy configs).
• Cached login tokens (so users may still be “logged in” after device reuse).

AV Systems / Controllers

• Saved admin/root passwords for management consoles.
• Access credentials to room scheduling or booking systems (Exchange, Outlook, Google Calendar).
• Logs of device usage and connected endpoints.
• API keys or integration tokens (for automation platforms).

Wireless presentation systems (e.g., Barco ClickShare, Crestron AirMedia, Mersive Solstice)

1. Network configuration data

• Wi-Fi SSIDs and passwords.
• WPA2/WPA3 enterprise credentials.
• Static IP addresses, VLAN, DNS, and gateway settings.
• SNMP or admin management passwords (for remote monitoring).

2. Access and connection data

• Device pairing keys (used for laptops or dongles like ClickShare Buttons).
• Guest access codes (temporary PINs or meeting room codes).
• Bluetooth pairing info (if used).
• Recent presenter or connected device list (device names, sometimes user names).

3. User and session data

• Cached session thumbnails, screenshots, or shared presentation frames.
• Temporary files (e.g., shared documents or content snapshots).
• Logs of connection times, IPs, and usernames.
• Analytics data (e.g., usage statistics, frequency of meetings).

4. Admin and cloud account data

• Admin console login credentials.
• API keys for integration with room scheduling or analytics platforms.
• Cloud service links (e.g., Barco XMS Cloud, Mersive Solstice Cloud).

Although they are often overlooked, wireless presentation systems can store network credentials, cached content, and identifiable user data. 

Other

Smart TVs, commercial displays, media players (e.g., Samsung Smart Signage, LG webOS, Sony Bravia Professional, Apple TV, Android TV boxes, BrightSign, Chromebox media players)

These devices are used for presentations, digital signage, and dashboards in offices and meeting spaces. Many of them are connected to network or cloud services and are often left logged in indefinitely.

Stored data:

• Wi-Fi credentials, such as SSIDs and passwords, or enterprise certificates if connecting to corporate Wi-Fi.
• Installed apps with cached logins, such as YouTube, Zoom, Microsoft Teams, Google Workspace, and custom signage CMS apps.
• Signage or dashboard content, such as locally cached presentations, images, videos, or real-time dashboards that may contain confidential company data.
• Device management enrollment data – connection profiles for vendor systems (e.g., Samsung MagicINFO, LG ConnectedCare, or Android Enterprise).
• User and admin accounts: Saved credentials for app stores or content management systems.
• Browser data: cached pages, cookies, and session tokens (for devices that use built-in browsers).

Leaving cached logins or network credentials behind can let new owners access company dashboards, accounts, or content management systems. Many displays even auto-reconnect to cloud management after resale if not unlinked.

Lighting and room automation gateways (e.g., KNX interfaces, Lutron Caseta/RA2/RA3, Philips Hue Bridge, Crestron or Extron control gateways used in meeting rooms)

These are part of the smart building infrastructure and integrate lighting, blinds, audiovisual equipment, heating, ventilation, and air conditioning (HVAC), and room control. They often connect to local networks and cloud accounts for management purposes.

Stored data:

• Admin or integration keys: Authentication credentials for local or cloud control systems (e.g., Crestron Fusion, KNX IP interface, Philips Hue).
• API tokens, which are used by control systems or mobile apps to automate or trigger room presets.
• Network settings: static IPs, Wi-Fi SSIDs, and credentials for control VLANs.
• Scene and schedule presets: Programmed lighting/AV automation scripts that sometimes contain references to meeting schedules or room names.
• Linkage to voice assistants or cloud services: OAuth tokens for Alexa for Business, Google Assistant, etc.

Using an automation gateway that has been reused could give a new owner insight into the building network or allow control commands over IP. Cloud-linked devices may still appear in your management console if they are not unregistered.

Cloud management portals (e.g., Barco XMS Cloud, Logitech Sync, Cisco Webex Control Hub, Samsung MagicINFO, Zoom Device Management, Microsoft Intune)

Although these are not physical devices, cloud management platforms store centralized control and credentials for fleets of hardware, such as cameras, displays, controllers, and whiteboards.

Stored data:

• Tenant or organization linkage: the account or domain under which devices are enrolled.
• Device enrollment information, including serial numbers, MAC addresses, configuration templates, and assigned rooms or locations.
• Admin and user roles: Who can control or reset devices remotely.
• API keys and integration tokens: Links to third-party services, such as Microsoft Teams, Zoom Rooms, and analytics platforms.
• Logs and telemetry data: usage statistics, connected devices, and activity history.

Even if you wipe or factory-reset a device, it may relink automatically if it’s still registered in your cloud tenant.

Conclusion: Don’t let your devices leak your data.

Modern office devices are more than just tools; they are miniature computers that store credentials, configurations, and business data. Each device, whether a printer, network-attached storage, conferencing unit, or even a lighting gateway, can hold information that could be misused if it falls into the wrong hands.

Before selling, donating, or recycling any device, make sure to securely wipe it, unlink it from cloud accounts, and remove it from any management platforms. Careless disposal can undo years of security efforts in seconds.

In upcoming articles, we will share practical checklists and secure disposal steps for specific device categories. These resources will help ensure that when your office hardware moves on, your data doesn’t go with it.