Enterprises risk data theft from old laptops
Many companies turn in their old laptops to the computer firm that sells them their new laptops. The computer firm, such as Dell, then sells them to a firm that refurbishes laptops, which in turn sells them on eBay.
Companies either wipe the data from the laptops or assume that the computer firm wipes the data. But sometimes, the data wiping falls through the cracks.
That is what recently happened to U.K. filmmaker Glenn Swift, who returned a faulty Acer laptop to Sainsbury's, where he initially bought it. Sainsbury's told Swift that it needed to return the laptop to the manufacturer to have it fixed.
"But then, six days later, out the blue, I received an email from a gentleman who informed me he had just purchased a second-hand laptop on eBay. It still had my profile on it and he asked for my password to allow him to unlock it. Alarm bells started ringing," Swift told The Guardian.
"It was then I realised just how much information a Windows 8 profile can access. When you first use it you have to set up a profile. If you are an existing user your profile is automatically downloaded to the new computer--apps, settings and passwords, Facebook, Twitter, Yahoo, BlackBerry, Gmail, etc. All your information, accessible in one single place," he observed.
Swift did not give the person the password, but contacted Sainsbury's, who informed him that they had returned the laptop to the manufacturer for diagnostics. If the manufacturer chose to resell the computer, it would first be refurbished and the data wiped, they told him.
Obviously, that did not happen in Swift's case. He contacted the police, who warned him that he was vulnerable to identity theft, so he began changing all of his passwords.
While Swift's case involved an individual laptop, similar risks await organizations that return used laptops or other computer equipment trusting that the data will be wiped.
To prevent data from getting into the wrong hands, enterprises should ensure all laptops have hard disk encryption and that a complete erasure of data, including multiple passes across the hard drive, is performed before the used laptop is turned over to a third party, advises IT security researcher Graham Cluley.