Feeds

Old PCs are goldmine for data thieves

Don't forget to wipe

  • alert
  • submit to reddit

Protecting users from Firesheep and other Sidejacking attacks with SSL

Organisations are risking seeing sensitive information ending up in the wrong hands, because they are failing to ensure that their unwanted PCs are properly datawiped.

Data is erased from less than a quarter of discarded PCs, according to UK PC recycling firm Remploy e-cycle. Seventy five per cent of 350 firms it quizzed sold or gave away unwanted PCs, but only 23 per cent wiped hard disks before getting rid of old computers. Four in ten (38 per cent) of those reformated drives before giving them away in the mistaken belief that this would prevent sensitive date from being recovered, the study found.

Many of the worst data security risk takers came from the financial services industry. Only one in eight ensured that sensitive data got destroyed, according to Remploy.

Noel Harasyn, Remploy e-cycle's general manager, said: "Quite frankly, this is deeply disturbing. It is laudable that companies are already making redundant equipment available for re-use but in the overwhelming majority of cases, they are not rendering the data on hard drives unrecoverable. Simply reformatting or overwriting once or twice as most appear to do will still allow much of the data to be recovered."

WEEE the unprepared

The survey comes ahead of legislation this Autumn which will put more pressure on companies to recycle IT equipment, rather than dumping it in landfill sites. The WEEE Directive (Waste Electrical and Electronic Equipment) makes manufacturers responsible for recycling electrical equipment at the end of its useful life. However, research from printer manufacturer Brother suggest most companies expect to shoulder some of the cost.

Remploy's survey highlights a longstanding issue. Earlier this year a customer database and the current access codes to the supposedly secure intranet of one of Europe's largest financial services group was left on a hard disk offered for sale on eBay. The disk was subsequently purchased for just £5 by mobile security outfit Pointsec Mobile Technologies.

Pointsec purchased 100 hard disks through internet auction sites, as research into the "lifecycle of a lost laptop". It could read seven out of 10 hard-drives bought over the internet, despite the fact all of had supposedly been wiped-clean or re-formatted. The company said the exercise illustrates how easy it is for identity thieves or opportunists to access highly sensitive and valuable company information from lost laptops and hard drives.

In 2000, Sir Paul McCartney's banking details were discovered on a secondhand computer discarded by merchant bankers Morgan Grenfell Asset Management. The PC was released into the second-user market without first being wiped clean of data. ®

Related stories

Oops! Firm accidentally eBays customer database
How to make hard cash from old IT
Brace your IT budget for green impact
Paul McCartney account details leaked on second user PC
Datawiping works (true)

The next step in data security

More from The Register

next story
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
THREE QUARTERS of Android mobes open to web page spy bug
Metasploit module gobbles KitKat SOP slop
'Speargun' program is fantasy, says cable operator
We just might notice if you cut our cables
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.