Second-Hand Computers Pose Identity Theft Threat

Jan 30, 2006
Computer connected to the internet

A new identity theft study conducted by leading University of Leicester criminologist, Professor Martin Gill found that second-hand computers - which account for one in 12 computers in use worldwide - can be a potential treasure trove of personal information - putting users at risk of fraud and identity theft. The study urges personal and business computer users to ensure that all data is removed from their computers prior to disposing of them.

During his study, Second-Hand Computers and Identity Fraud, Professor Gill and his team purchased six computers through a mixture of second hand channels. They then conducted a forensic data analysis on each one, using a widely available software programme.

Half of the computers had in fact not been securely wiped. In one case there had been no attempt to wipe the contents whatsoever. Worryingly, data retrieved from two of the computers contained information that could be used by an identity thief.

Professor Gill, commented: "The fact that we found so much personal information through a focused study indicates that the potential for fraud and identity theft from the second hand PC market is huge. More and more of us use PCs to conduct our personal business. We must all be careful not to overlook the virtual information trail that we leave behind us."

He continued: "Simply re-formatting a hard drive is not enough to make data irretrievable. Anyone disposing of a personal computer must ensure that all data is securely wiped using specialist software to wipe over every sector of the hard drive."

Computer one

Data retrieved included: bank account details; correspondence with a bank noting change of email address; membership details for a DVD website including username and password; details of a CV outlining qualifications and where the person studied.

Alarmingly this computer was bought via an internet auction. The seller not only said that the computer had been re-formatted but he also noted that 20 more of his clients' old computers were shortly going to be made available for auction.

On this evidence, Professor Gill believes that internet auction sites represent a good opportunity for identity fraudsters to obtain previously used computers. Indeed, based on the results of a search conducted across one popular auction website on 24th January 2006 as many as 13,000 second hand or refurbished laptops and PCs are up for auction at any given time.

Computer two

Computer two contained data on: Full name and details (sort code and account numbers) for eight separate accounts with a major high street bank; username and password for an ISP account; an e-mail from a travel firm confirming details of a new online account - including password; letters of correspondence confirming the user's address.

Interestingly computer two also appears to have been used for business purposes and contained sensitive information. There was a spreadsheet which contained details of creditors, payroll, the income tax due, the bank overdraft and the VAT due. There were also lists of around 250 names and addresses of past and present customers.

But it's not just those that sell their unwanted computers that are under threat. The reports' sponsor Capital One, which offers free identity theft and fraud protection and assistance services, points out that disposing of a PC is just as dangerous. One only has to visit a local refuse centre to find discarded computers and hard drives that can be picked up for free - or for a small charge.

Justin Basini of Capital One, commented:

"To date most of the advice surrounding protecting oneself against fraud and identity theft has centred around looking after personal, paper-based documentation. But that won't account for the digital fingerprints that we leave behind on our PCs. We hope that our study will alert people to the dangers and encourage them to thoroughly cleanse computers before letting them out of their possession."

Identity theft occurs when criminals steal and use your personal information, such as your social security number and date of birth, to assume your identity and make telephone or online purchases or open up credit card accounts and other lines of credit in your name.

These crimes are facilitated by the relative ease with which offenders can gain information and personal documentation about people. According to research published by CIFAS2, there were approximately 60,000 victims of identity theft in 2005 (a 14 per cent increase over 2004) and APACS3 reports that 7 per cent of all plastic fraud is related to identify fraud, costing approximately £37 million last year alone.

Basic advice for wiping data from a PC

1. Remember that the delete function does not securely wipe/erase the data. Much of it will be retrievable.

2. Reformatting the hard drive does not wipe/erase the data.

3. Always wipe the whole hard drive using a specialist software application before disposing of the computer. For this study Professor Gill and his team wiped all the data from the computers afterwards using a software programme called Encase Version 4.22.

4. If in doubt, seek professional advice before letting the PC out of your possession.

Source: University of Leicester

Explore further: Showing 'The Interview' is part of Google's long-term YouTube plan

add to favorites email to friend print save as pdf

Related Stories

Apple sold by Jobs fetches $365,000 at auction

Dec 11, 2014

A 1976 Apple computer sold by Steve Jobs from his parents' garage fetched $365,000 at auction in New York on Thursday, falling short of its pre-sale estimate in a competitive computer relic market.

After a data breach, it's consumers left holding the bag

Nov 28, 2014

Shoppers have launched into the holiday buying season and retailers are looking forward to year-end sales that make up almost 20% of their annual receipts. But as you check out at a store or click "purchase" on your online shopping cart ...

Facebook has URL for users running Tor-enabled browsers

Nov 01, 2014

A reassuring message on Friday from Facebook: "It's important to us at Facebook to provide methods for people to use our site securely." That is why Facebook implemented HTTPS across the service and Perfect ...

Recommended for you

N. Korea suffers another Internet shutdown

11 hours ago

North Korea suffered an Internet shutdown for at least two hours on Saturday, Chinese state-media and cyber experts said, after Pyongyang blamed Washington for an online blackout earlier this week.

Sony's PlayStation 'gradually coming back'

11 hours ago

Sony was still struggling Saturday to fully restore its online PlayStation system, three days after the Christmas day hack that also hit Microsoft's Xbox, reporting that services were "gradually coming back."

Chattanooga touts transformation into Gig City

11 hours ago

A city once infamous for the smoke-belching foundries that blanketed its buildings and streets with a heavy layer of soot is turning to lightning-fast Internet speeds to try to transform itself into a vibrant ...

Uber broke Indian financial rules: central bank chief

11 hours ago

India's central bank chief lashed out at Uber, already under fire over the alleged rape of a passenger, saying the US taxi-hailing firm violated the country's financial regulations by using an overseas payment ...

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.