ICO: half of second-hand hard drives contain data
By Stewart Mitchell
Posted on 25 Apr 2012 at 10:59
Half of second-hand devices still hold old data after they were sold on, according to tests from the Information Commissioner's Office.
The ICO bought 200 hard drives, 20 memory sticks and ten mobile phones from online auctions and trade fairs and said that 48% of them contained data that was easily retrievable.
The ICO warned that 11% of the data was personal and that at least two of the devices contained “enough information to enable someone to steal the former owner’s identity”.
“Today’s findings show that people are in danger of becoming a soft touch for online fraudsters simply because organisations and individuals are failing to ensure the secure deletion of the data held on their old storage devices,” said Information Commissioner Christopher Graham.
The ICO said many consumers were unaware that deleting a file doesn't mean it's irretrievable, and that over-writing software should be used before getting rid of hard drives or other devices that included storage.
A separate survey by the ICO suggested that 10% of people didn't even bother deleting data before passing a computer on.
Solution to ID theft:
Develop the identity system in such a way as to stop it bring so laughably easy to abuse - banking especially; sort code + acct# = profit.
By dubiou on 25 Apr 2012
Banking security is fundamentally flawed to its core when key security questions still include "date of birth". This is rarely private, secret information.
By halsteadk on 25 Apr 2012
Personaly I take my old hardrives/memory sticks out into the garden and smash them to bits with a sledgehammer. It's very therapeutic and you'd have to pretty desperate to try to extract anything from the debris.
By pinero50 on 25 Apr 2012
Normally you have a choice of security questions so you can choose one that the answer is not easily known. Also there is nothing to say you can't use a fictitious birth date or answer to the question. So it is still up to the user to use his brains.
By curiousclive on 25 Apr 2012
I my bank the sort code and account number would only allow you to pay in money to my account. So when am I to get the thousands you know you want to give me :)
By curiousclive on 25 Apr 2012
When a bank asks for your date of birth and mother's maiden name on an account application form and asserts that providing a false answer is fraudulent it's a bit risky to use a fictitious answer. Best case is you won't get the account approved.
By TBennett on 25 Apr 2012
By mhawkshaw on 25 Apr 2012
And for their next survey....
The highly paid ICO team (eg Christopher Graham 110k per year!) will be conducting another survey at public expense that a bunch of school kids could have done for a fraction of the cost!
By rjp2000 on 26 Apr 2012
Aviva have taken security a stage further they chose a question for me and presumably filled in the answer as I was not involved in the process.
The downside of this approach was that I had no idea what the answer was.
By tirons1 on 27 Apr 2012
- Adobe Dreamweaver CC review: first look
- Huawei Ascend P6 review: first look
- Adobe Illustrator CC review: first look
- Let MPs tell us what they really want ISPs to block
- Adobe Photoshop CC review: first look
- WWDC 2013 and iOS 7 launch: live blog
- Sony VAIO Pro review: first look
- Want child porn blocked? Meet the IWF
- Is it worth upgrading a media centre to Windows 8?
- Flickr redesign: is it enough to tempt photographers back?
- Google two-step verification: a must for business email
- Yes, I write down my passwords
- How to deal with a ransomware attack
- How secure is your Wi-Fi network?
- How QR codes caught out the security pros
- Why I do not trust Do Not Track... yet
- The hard disks you can "secure" with a single-digit password
- Why I've started using a password manager
- Time to kill off CAPTCHA
- Are today's young people Generation I (for insecure)?