BBC finds UK banking data on recycled PCs

The exposure of sensitive data on old PCs sent to Nigeria offers a cautionary lesson

James Murray, IT Week 15 Aug 2006

A BBC investigation has discovered details of online bank accounts on recycled PCs sent from the UK to Africa – highlighting the need for firms to ensure hard drives are wiped before they dispose of old IT equipment.

The investigation, which was screened on the BBC’s Real Story programme on Monday (14 August), found bank account details belonging to thousands of Britons were being sold in West Africa for less than £20 each after the data was recovered from hard drives found in PC’s sent to the region from the UK.Reporters found that may of the PC’s for sale in the Nigerian capital Lagos came from UK council recycling points and while it is thought that the bulk of the data compromised was from personal PCs it is possible corporate PCs were also affected.

Jon Godfrey, chairman of IT asset disposal specialist Life Cycle Services, said the discovery was a reminder to firms that they should work with certified IT disposal firms and should audit their partners to ensure they follow best practices for wiping corporate data from end-of-life machines.

“Some less scrupulous waste disposal companies aren’t going to the time and expense of wiping data so IT directors need to use a reputable organisation that can prove, audit and certify that data is wiped, “Godfrey said. “Preferable you want to go with a company that will offer a guarantee that all will be destroyed, as when you are disposing potentially sensitive data one mistake is too many – we offer a £2m guarantee that we destroy all the data.”

Godfrey added that IT directors should follow the latest UK government approved Infosec standard for data erasure rather than the older and less robust US Department of Defense standards.

News again throws the spotlight on the practice of shipping used IT assets to the developing world, which has also faced criticism from green lobbyist for shifting the environmental problems posed by hazardous IT components onto countries without the infrastructure to dispose of them safely.

However, David Sogan chief executive of IT charity Digital Links International, insisted the latest revelation should not put firms off donating PCs to be used in developing countries. “There is a great second use for computers in the developing word, “he said. “But if you are going to do it you need to go through a responsible channel and use accredited partners for collection and data sanitisation.”

The news follow the release last week of new research from Glamorgan University that found failure to correctly wipe data from hard drives is a widespread problem in developed economies. The research, which was backed by Life Cycle Services and BT, looked at 317 second hand hard drives from the UK, North America, Germany and Australia and found that while 41 percent were unreadable, 20 percent contained information that could identify individuals and five percent held commercial data.


Did You Know

arrow Identity theft is the top consumer complaint in the USA according to the Federal Trade Commission.

arrow US consumers reported fraud loss totalling more than $1.1 billion in 2006.

arrow Credit card fraud (25%) was the most common form of reported identity theft in the US in 2006.

arrow More than 100 000 people are affected by identity theft each year in the UK

arrow According to Privacy Rights Clearinghouse, more than 350 data loss incidents involving more than 140 million records have occurred since February 2005

arrow Organisations are obliged by law to take take adequate steps to ensure the proper disposal of data

You are here  :