A new identity theft study conducted by leading University of Leicester criminologist, Professor Martin Gill found that second-hand computers - which account for one in 12 computers in use worldwide - can be a potential treasure trove of personal information - putting users at risk of fraud and identity theft. The study urges personal and business computer users to ensure that all data is removed from their computers prior to disposing of them.
During his study, Second-Hand Computers and Identity Fraud, Professor Gill and his team purchased six computers through a mixture of second hand channels. They then conducted a forensic data analysis on each one, using a widely available software programme.
Half of the computers had in fact not been securely wiped. In one case there had been no attempt to wipe the contents whatsoever. Worryingly, data retrieved from two of the computers contained information that could be used by an identity thief.
Professor Gill, commented: "The fact that we found so much personal information through a focused study indicates that the potential for fraud and identity theft from the second hand PC market is huge. More and more of us use PCs to conduct our personal business. We must all be careful not to overlook the virtual information trail that we leave behind us."
He continued: "Simply re-formatting a hard drive is not enough to make data irretrievable. Anyone disposing of a personal computer must ensure that all data is securely wiped using specialist software to wipe over every sector of the hard drive."
Data retrieved included: bank account details; correspondence with a bank noting change of email address; membership details for a DVD website including username and password; details of a CV outlining qualifications and where the person studied.
Alarmingly this computer was bought via an internet auction. The seller not only said that the computer had been re-formatted but he also noted that 20 more of his clients' old computers were shortly going to be made available for auction.
On this evidence, Professor Gill believes that internet auction sites represent a good opportunity for identity fraudsters to obtain previously used computers. Indeed, based on the results of a search conducted across one popular auction website on 24th January 2006 as many as 13,000 second hand or refurbished laptops and PCs are up for auction at any given time.
Computer two contained data on: Full name and details (sort code and account numbers) for eight separate accounts with a major high street bank; username and password for an ISP account; an e-mail from a travel firm confirming details of a new online account - including password; letters of correspondence confirming the user's address.
Interestingly computer two also appears to have been used for business purposes and contained sensitive information. There was a spreadsheet which contained details of creditors, payroll, the income tax due, the bank overdraft and the VAT due. There were also lists of around 250 names and addresses of past and present customers.
But it's not just those that sell their unwanted computers that are under threat. The reports' sponsor Capital One, which offers free identity theft and fraud protection and assistance services, points out that disposing of a PC is just as dangerous. One only has to visit a local refuse centre to find discarded computers and hard drives that can be picked up for free - or for a small charge.
Justin Basini of Capital One, commented:
"To date most of the advice surrounding protecting oneself against fraud and identity theft has centred around looking after personal, paper-based documentation. But that won't account for the digital fingerprints that we leave behind on our PCs. We hope that our study will alert people to the dangers and encourage them to thoroughly cleanse computers before letting them out of their possession."
Identity theft occurs when criminals steal and use your personal information, such as your social security number and date of birth, to assume your identity and make telephone or online purchases or open up credit card accounts and other lines of credit in your name.
These crimes are facilitated by the relative ease with which offenders can gain information and personal documentation about people. According to research published by CIFAS2, there were approximately 60,000 victims of identity theft in 2005 (a 14 per cent increase over 2004) and APACS3 reports that 7 per cent of all plastic fraud is related to identify fraud, costing approximately £37 million last year alone.
Basic advice for wiping data from a PC
1. Remember that the delete function does not securely wipe/erase the data. Much of it will be retrievable.
2. Reformatting the hard drive does not wipe/erase the data.
3. Always wipe the whole hard drive using a specialist software application before disposing of the computer. For this study Professor Gill and his team wiped all the data from the computers afterwards using a software programme called Encase Version 4.22.
4. If in doubt, seek professional advice before letting the PC out of your possession.
Source: University of Leicester
Explore further: Theoretical computer science provides answers to data privacy problem