Smash old hard drives for total data security, says Which?

People disposing of their old computers could easily fall victim to identity theft - even if they delete files or wipe the hard drive, warns Which? Computing.


People disposing of their old computers could easily fall victim to identity theft - even if they delete files or wipe the hard drive, warns Which? Computing.

Which? says criminals are trawling council tips and internet auction sites for PCs, and then recovering deleted data with the help of specialist software.

This information could be used to make a fraudulent credit card application, order a new phone, or even apply for a copy of a birth certificate, said Which?

As part of a report, Which? Computing bought eight second-hand hard drives from auction site eBay, and found that they still held information that could be confidential.

Using free software downloaded from the internet, Which? was easily able to recover 22,000 "deleted" files, including images, music files and spreadsheets.

The importance of disposing of data correctly is highlighted by the case of Alexander Skipwith, a Which? Computing reader from London.

He was told by an IT firm that his faulty hard drive would be wiped of personal information before being sent back to the manufacturer.

He subsequently had family pictures, bank statements and more "held to ransom" by a man in Latvia, who sent Skipwith one of his personal photos to show he meant business.

Skipwith finally agreed a £100 fee plus expenses for the return of his information, but such data could be worth more than that, said Which?, as industry estimates say the average UK citizen is potentially worth £85,000 to an identity fraudster.

Which? Computing suggests a non-technical solution to the problem. If you want to be absolutely sure your files are deleted, remove the hard drive from your PC and destroy it with a hammer.

Sarah Kidner, Editor of Which? Computing said, "PCs contain more valuable personal information than ever as people increasingly shop online, use social networking sites and take digital photos.

"Even if you delete your files, you would be surprised how easy it is to recover your personal data. Such information could bring identity thieves a hefty payday. It sounds extreme, but the only way to be 100% safe is to smash your hard drive into smithereens."

But Which?'s advice has been slammed by Kevin Moreau, general manager at data back-up firm Acronis.

He said, "Smashing hard drives to destroy data is expensive, environmentally damaging and completely unnecessary."

He says, "The Which? study glosses over the fact that there are ultra-effective disk cleansing solutions available to the consumer, some of which have been approved by, and are used by, government defence agencies as well as Fortune 500 companies around the world."

However, as organisations have found to their cost in the past, those responsible for wiping data from redundant equipment do not always do it.

Last year, for instance, Kirklees council in West Yorkshire found that its whole network was vulnerable after someone was able to buy an old council server on eBay which had all the council's network connection settings still loaded onto it.

The council had failed to wipe the data before recycling the hardware, and the eBay buyer was able to automatically connect to the council's virtual private network.

Read more on IT risk management