Old Computers Lead to Identity Theft?

Discarded Windows machines might contain identifying data

Thursday, May 10, 2012
Old Computers Lead to Identity Theft?In many cases, when consumers get rid of an old computer, they go to considerable efforts to wipe the hard drives to erase any kind of information that may be stored on it, but sometimes, that might not be enough to protect them.

Older computers running Windows-based operating systems, especially Windows XP, may pose a significant identity theft threat to consumers, according to a report from USA Today. The same is true of smartphones using Google's Android mobile operating system. These same problems are not faced by consumers who use Apple and Research in Motion devices, such as iPhones, iPads and various BlackBerry handsets.

In research conducted by McAfee data security expert Robert Siciliano, using 30 preowned devices purchased from Craigslist, he found that half still contained large amounts of sensitive data, including the previous owners' bank account and Social Security numbers, the report said. All this was found using simple electronic forensics tools.

These problems may become even more widespread later this year when Microsoft rolls out its new Windows 8 platform, and consumers scrap or sell their XP-based machines when they upgrade, the report said. XP makes it quite difficult for consumers to extract or wipe old data. Further, Android smartphones may still contain personally identifying information even after being "restored" to original factory settings.

Siciliano noted that it's particularly important for consumers to make sure they have sufficiently cleaned out their old data from their various devices before disposing of them, the report said. Mary Ann Miller, a financial fraud expert, stressed that companies should be doing more to give consumers guidance on wiping their hard drives clean on unwanted devices. This is especially true because these days, consumers are storing more of their personal and financial information on a number of devices, as well as data on friends, family and other contacts.

"Security should be a key consideration from the moment you acquire a device - and when you dispose (of) it," Miller told the newspaper.

Brian McGinley, senior vice president of data risk management for CyberScout, has a blog about the ways consumers can make sure their information is secure both when they are using a device, and when they are getting rid of it.

© CyberScout, LLC. All Rights Reserved.
Sign up for our Newsletter. If you feel that you have been a victim of identity theft, call your provider organization to be put in touch with the CyberScout Resolution Center.