People disposing of their old computers could easily fall victim
to identity theft - even if they delete files or wipe the hard
drive, warns Which? Computing.
Which? says criminals are trawling council tips and internet
auction sites for PCs, and then recovering deleted data with the
help of specialist software.
This information could be used to make a fraudulent credit card
application, order a new phone, or even apply for a copy of a birth
certificate, said Which?
As part of a report, Which? Computing bought eight second-hand
hard drives from auction site eBay, and found that they still held
information that could be confidential.
Using free software downloaded from the internet, Which? was
easily able to recover 22,000 "deleted" files, including images,
music files and spreadsheets.
The importance of disposing of data correctly is highlighted by
the case of Alexander Skipwith, a Which? Computing reader from
London.
He was told by an IT firm that his faulty hard drive would be
wiped of personal information before being sent back to the
manufacturer.
He subsequently had family pictures, bank statements and more
"held to ransom" by a man in Latvia, who sent Skipwith one of his
personal photos to show he meant business.
Skipwith finally agreed a £100 fee plus expenses for the return
of his information, but such data could be worth more than that,
said Which?, as industry estimates say the average UK citizen is
potentially worth £85,000 to an identity fraudster.
Which? Computing suggests a non-technical solution to the
problem. If you want to be absolutely sure your files are deleted,
remove the hard drive from your PC and destroy it with a
hammer.
Sarah Kidner, Editor of Which? Computing said, "PCs contain more
valuable personal information than ever as people increasingly shop
online, use social networking sites and take digital photos.
"Even if you delete your files, you would be surprised how easy
it is to recover your personal data. Such information could bring
identity thieves a hefty payday. It sounds extreme, but the only
way to be 100% safe is to smash your hard drive into
smithereens."
But Which?'s advice has been slammed by Kevin Moreau, general
manager at data back-up firm Acronis.
He said, "Smashing hard drives to destroy data is expensive,
environmentally damaging and completely unnecessary."
He says, "The Which? study glosses over the fact that there are
ultra-effective disk cleansing solutions available to the consumer,
some of which have been approved by, and are used by, government
defence agencies as well as Fortune 500 companies around the
world."
However, as organisations have found to their cost in the past,
those responsible for wiping data from redundant equipment do not
always do it.
Last year, for instance,
Kirklees council in West Yorkshire found that its whole network was
vulnerable after someone was able to buy an old council server
on eBay which had all the council's network connection settings
still loaded onto it.
The council had failed to wipe the data before recycling the
hardware, and the eBay buyer was able to automatically connect to
the council's virtual private network.