Identity Theft Stories

Five Chicago-area residents are facing numerous federal felony charges after they allegedly went on a maniacal three-day shopping spree through three states spending thousands of dollars at Target and Meijer stores using fake credit cards.

The 15-count indictment filed by the United States Attorney in Grand Rapids lists nearly 400 transactions from April 2007, when the conspirators allegedly used a machine to put a fraudulent account number on a Visa card, which was then used to purchase items and gift cards.

The indictment claims the four men and one woman rented a U-Haul on April 20, 2007, near Chicago and began heading northeast. After hitting numerous Meijer and Target stores in Indiana and southwest Michigan, the group made it to the Meijer Store at 54th Street and Clyde Park Avenue in Wyoming.

In Wyoming on April 21, 2007, they used Meijer gift cards purchased elsewhere to make more than $1,600 in purchases, according to the indictment.

Federal prosecutors say the five then traveled to Caledonia and hit the Meijer there for nearly $1,800 in gift card purchases.

Then it was to Meijer stores in Grandville, Jenison, at 28th Street SE and Kalamazoo Avenue, Cascade Township, the East Beltline Avenue, Plainfield Avenue NE, Alpine Avenue NW and the Walker store. Each was allegedly hit for between $1,000 and $2,000 using either gift cards or Visa.

By 2:30 a.m. April 23, they were swinging back to the Jenison store to allegedly have transactions totaling around $7,000 and then one more Kent County stop around 4 a.m. at the Grandville Meijer for more than $1,100 in purchases.

E-Bay was used to sell items and to make bank transfers prior to the trip, according to the indictment.

Items purchased included video game systems and music players.

The five Chicago-area residents charged are Seth Ryan — the alleged ringleader, Grzegorz Stachurski, Kimberly Stachurski, Michael Boerger and Arthur Smith IV. Charges include conspiracy to commit credit card fraud and identity theft.

courtesy of The Grand Rapids Press

Identity theft was the No. 1 fraud complaint in a government-maintained database that keeps track of consumer gripes, according to a Federal Trade Commission.

In 2007, the database received more than 800,000 complaints, with 32% of those about identity theft and the rest, or 68%, pointing to various other types of fraud, according to FTC.

Overall, consumers reported fraud losses of more than $1.2 billion, with a median monetary loss per person of $349, according to the FTC report.

“This is the information that consumers have reported. It’s not every complaint that exists,” said John Krebs, an attorney in the FTC’s consumer protection bureau. Information about complaints is self-reported and unverified. The database, called “consumer sentinel,” collects information about fraud and identity theft from the FTC and other organizations.

An identity theft story can involve ANYONE. If you think that only unsuspecting housewives, too harassed by the many chores they have to get done with children in tow, would fall prey to identity thieves (i.e., getting their credit cards, checks, personal info stolen), think again. Even a celebrity can figure in an identity theft story.

In fact, a famous identity theft story (famous because of its victims) took place a few years back. In March 2001, New York police caught Abraham Abdallah. At the time, Abdallah was 32 years old, a busboy, a high school dropout, and a large-scale identity thief!

Identity Theft Stories Involving America’s Richest

Police said he stole the identities of Oprah Winfrey and Steven Spielberg, and lots of other famous, rich Americans. He got a Forbes 400 listing of the richest people in America, and simply went down the line!

He got caught while stealing $22 million. How did he do it? The Internet, of course! He surfed the Web to gather background data on a victim and one of his tactics was to open a mailbox under his victim’s name.

An amusing twist to this identity theft story would probably make you shake your head. Police discovered that Abdallah once participated in – get this – an antifraud informational video used by the government in New York!

That was back in 1986 when Abdallah was still a teenager. In the video, Abdallah spoke on how easy it would be to commit fraud. Abdallah was the star of his own straight-to-video, identity theft story!

But police files show that Abdallah continued starring in his own real life, identity theft story as he was apprehended 16 additional times, at least!

Experts say that starring in an identity theft story as the perpetrator of the crime can become addictive. Why? Because:

• It is nonviolent.
• It involves huge profits.
• It can be done anonymously.
• All that is needed is Internet access.

A month before the Abdallah case, the man who figured in the Tiger Woods identity theft story was convicted. Anthony Lemar Taylor, age 30, was sentenced to a whopping 200 years in prison.

To avoid starring in your own identity theft story as a victim, you can visit your state police website or, better yet, visit the FTC website.

The Trade Commission is involved in tracking every identity theft story that involves consumer fraud. But it has put helpful tips on their website to prevent all sorts of identity theft and the steps to take if you think you have been victimized.

For Aisha Shahid and dozens of others who went to an advertised job fair in Chattanooga and got offers of nightclub work in Atlanta, Memphis and Miami, the “dream jobs” turned out to be an identity theft scam.

A man who identified himself as record company and music group president William Devon took applications and personal identification numbers from more than 100 people January 13th and 14th…

The man took many of the applicants’ drivers licenses, birth certificates, Social Security cards and even a diploma.

While obviously I’m not going to be applying for a nightclub job (like anyone would hire me if I did), I began to think about the concept. If I heard about a job fair and someone said they represented a reputable company, was dressed in the appropriate attire with name tags and materials from that company to give away and after talking a bit asked me to fill out an application, I would probably do so without thinking twice – and that would turn over a lot of my sensitive information including social security number, birthday, driver’s license number, contacts, address and probably anything else that was asked on the application.

If an ID scam like this took place, it’s only a matter of time that something like what I just described above also takes place. It’s another reminder (especially to myself) that you do need to be extremely careful to whom you turn over your sensitive information to.

story courtesy of  Teri Newton

I recently became one of the 9 million people to become victim to identity theft this year in the United States. Much of what I have learned in the last few weeks I share to spark outrage at what is becoming more and more common and also to share what you can and should be doing to protect yourself.

As for me, I did everything I was supposed to do. I never give any personal information unsolicited and am wary of the tons of phishing e-mails I receive every day. I drop my mail in a locked box and tend to receive all of my statements electronically (avoiding personal info being sent through the mail). I shred anything I own or receive with personal information and I check my banking and credit accounts, on average, every single day. We also have extensive security measures on our home computer.

So naturally I was extremely frustrated to find out someone had opened 7 credit cards in my name over the course of a few days in July. Of course, as I was calling to close all these cards and as I discussed the incident with colleagues and friends, the inevitable question came up over and over and over. Where did the ID thieves get my information? Well, that is a wonderful question. Knowing all I had done to safeguard my information, I started racking my brain; who does have my address, social security number, and birth date? My college, all of my former employers, all of my investment account brokerages, all of the financial institutions that I use, the IRS, the state of California, etc. The list is a mile long. I will probably never know where my information was stolen from.

My annoyance at how little we can really do to protect ourselves was magnified by the credit card companies that issued $25,000 of credit to someone using my name in another state, in the course of a week. Oh yes, they were very nice about closing all the accounts and removing the info from my credit report because of the terribly obvious fraud, but just left me even more frustrated. Why would a Department Store hand $7500 to someone in a state across the country with my California address? Did they look at my credit report? Did they see the 7 inquiries (extremely out of character considering I owned no Department store accounts prior)? Only one Department Store credit issuer of 7 noticed anything suspicious. Ironically it was the smallest of the companies, the one that had the most to lose. They issued the card but did not allow the thieves to charge even $1 because the red flags went off for them. The charges were suspicious, and one simple credit checked showed some obvious fraud (multiple inquiries at 7 stores). None of the other companies had checked my credit report after the initial credit issuance. Some saw the other inquiries and thought little of it. Other issuers had handed out $5,000 here and $7,500 there and had no clue anything shady was going on. They simply didn’t care; for them, a cost of doing business. I leave from this experience with the feeling that the big credit companies could care less about the problem as they rather risk the loss and allow instant credit, than use a little more caution and care in issuing credit. My excellent credit score was my absolute downfall in this case. I was amazed at some of the credit limits issued (and most were maxed out within the day with little question).

I was frustrated to learn that a call to one or all 3 of the Credit Bureaus (a simple quick call to an automated service) would place fraud alerts on my credit report, but that credit issuers can choose to ignore them. Also, that this will do little to stop the identity thieves from opening utility accounts in my name or committing crimes in my name. As for me I have no idea what the extent of the damage to my name will be and may not know for many years.
I was lucky though. I get the feeling the thieves in this case weren’t terribly savvy as I found out within days with phone calls from one astute fraud department, and as credit cards starting to arrive in the mail. Identity thieves prefer to mask the theft from you so that you do not find out for weeks, months or even years.

One thing you can do to protect yourself is to check your credit reports often. Annual Credit Report allows you to check your credit report online for free. You can check with each of the three credit Bureaus once every year, which means basically you can check your credit report for free three times every year.

It wasn’t until my identity was stolen that I realized how incredibly useless this is as a whole. When it comes to tracking identity theft, each bureau report looks very different and for me I had to look at all three reports at the same time to track down all the identity theft. Over time the three credit bureaus share all of the data with each other and your reports should eventually all read the same, but there are stark differences in all three of my reports, even pre-identity theft. As for me the only way I can check my report for new activity without paying staggering fees was to sign up for credit monitoring. In this case I pay $12/month and receive e-mails whenever anything new hits any of my 3 reports. I can also check my credit report with the Bureau I bought the service through, daily if I like. Sure, checking your free report is a start but in the months you spend between free checks someone can absolutely obliterate your credit. In this case it only took 5 days (though plenty of damage was done on Day 1).

In addition, I also learned about credit freezes. Knowing what I know now, I gladly would have put a credit freeze on my account. In most states, you can freeze your credit files so that no one can access them without your permission (except your current creditors and those you currently do business with). If someone told me to freeze my credit a year ago I am not sure if I would have bothered, it would have cost me $30, but now it is definitely something I plan to do.

With a credit freeze, most creditors will not issue credit in your name without being able to check your credit first, so this is a wonderful way to protect yourself from this kind of fraud. If you rarely use credit, why not? However, a credit freeze will not protect you from others opening utility or bank accounts in your name, as these can often be opened without a credit check. It will also not protect you from identity thieves who use your existing accounts.

The downside to a credit freeze is that you will have to lift the freeze whenever you apply for new credit, or when applying for insurance, jobs, etc. However, in some states, potential employers, insurance companies, landlords, and other non-creditors can still get access to your credit report with a credit freeze in place. You would definitely want to check your state rules. In California, for example, insurance companies can not raise your insurance rates just because your credit is frozen, but you would have to lift the freeze if you were shopping around with new insurance companies or applying for a job.

In order to freeze your credit you generally write to each of the 3 Bureaus and request a credit freeze. The rules vary from state to state but in most states this request is free once you are the victim of identity theft. Most states allow the Bureaus to charge you a $10 fee per credit Bureau ($30 total for all three) to place a credit freeze and also allow them to charge about the same to lift a credit freeze. You can lift the freeze for a period of time (for example if you are on a job search) or for specific creditors or employers, etc. if you want to allow one entity to look at your credit record. You are given a pin number to life the freeze as well (to prevent just anyone from being able to lift the freeze).

I find the credit freeze ideal for our situation since we don’t intend to open any new credit accounts (nor mortgage or car loan) anytime in the near future and we also don’t intend to be job hunting or insurance hunting any time in the near future either. I think being a little older and more established it can make sense, but for younger people vying for a mortgage, jobs, insurance, credit, and car loans, it may make little sense. Just know that the option is there. You have to do a cost benefit analysis of sorts to decide if it was really worth it. For me the ID theft has thus far caused me little money, but much time. However, knowing how little I need to access my credit, with hindsight I would have preferred just to have had my credit frozen. I just wasn’t really aware the option was there before.

Also realize if both you and your spouse decide to freeze your credit, the expense is twofold since you will have to freeze both of your credit records.

Here is a good link from the FTC on credit freezes and here is a state by state listing of credit freeze laws and fees. For the states not listed (many) credit freezes are unfortunately not an option to consumers.

One final thing this has reiterated to me is to guard your social security number and your birth date with extreme caution. I generally do not give my social security number to just any organization who asks, but I do know there was a security breach with a professional organization I belong to, that did lose my social security number. Today as I rack my brain as to why they would have possibly needed my social security number, I can’t really come up with an answer. I also now see the importance of guarding my birth date. I have decided to come up with a dummy birth date (probably same year and month) for organizations that do not need my birth date but ask for it. Better yet when you fill out a form with requests for social security numbers and birth dates, just leave them blank. The government, your employers, and financial institutions DO need this information for tax reporting and there is not much you can do about it. However, I do advise to be extra discriminating when handing this information over to other organizations that you do business with.

It is extra interesting for me as I work in an office where we are entrusted with all of this personal information. Frankly all it would take is one rogue employee to skim the data from a few of our clients and who knows if we would ever know. It is just eye opening to me how easy this is and how any sense of security I have ever felt about my identity was rather false.

If you have never checked your free credit report, all I have to say is, what are you waiting for? If you haven’t checked in the last week, it wouldn’t really be too soon. Signing up for credit monitoring and credit freezes may be more extreme measures, but with reports of rising identity theft it seems to be more necessary to take bigger measures to protect yourself.

Have you ever given more than a passing glance to the dumpsters in the back parking lot of your neighborhood stores? They’re not just trash bins. For recycling devotees, they’re a treasure trove of cast-offs. For others, they’re a fertile source of raw materials that can be used to commit identify theft fraud.

It stinks — aspiring identity thieves sort through trash looking for pre-approved credit card offers and other papers bearing personal identifiers.

Also known as “binning,” the less sinister form of dumpster diving has given way to website posts listing the location of “scores” and site visitors competing for the best finds. And late-night dumpster divers have been caught in the act on YouTube.

But don’t assume all these low-tech attacks are the harmless doings of eccentric people. Consider these cases:

• A Wall Street Journal reporter found that nearly half of the dumpsters he searched at mortgage/title companies contained sensitive borrower information.
• The Texas attorney general charged CVS Pharmacy after hundreds of documents containing customers’ personal information were unlawfully dumped behind the business. Found data included credit card receipts and prescription sleeves that included dates of birth, prescribing physicians and medications.
• A Hawaii newspaper editor discovered 39 boxes of mortgage documents one day when dropping off newspapers at a recycling center. He tracked down the owner, who, after storing the documents in his basement for six years, paid a handyman $150 to dispose of them.

Aside from quizzing store managers, there’s little consumers can do about how their information is handled once they provide it to companies they do business with.

To avoid identity theft from your own trash, shred sensitive documents. The Washington state attorney general’s office³ recommends shredding:

• Address labels from junk mail and magazines
• ATM receipts
• Bank statements
• Canceled checks
• Credit and debit card bills and receipts
• Pay stubs
• College, military, employee and health insurance ID cards
• Expired passports
• Insurance documents
• Investment paperwork
• Legal documents
• Luggage tags
• Medical/dental records
• Anything listing your Social Security number
• Pre-approved credit card offers
• Résumés
• Signatures
• Tax forms
• Used airline tickets
• Utility bills

33 million records.

That’s the number of consumer records that have been exposed so far in 2008, a record year for data breaches, according to statistics from the Identity Theft Resource Center , which tracks breaches reported by U.S. organizations. And that count may only be the tip of the iceberg; without a federal requirement for organizations to quantify the amount of consumers affected by data breaches, the real figure is likely much higher.

With the fact in mind that over 80 percent of these breach events were due to electronic data breaches, it’s little wonder that states throughout the U.S. are pushing to enact strong data security regulations to ensure that businesses protect sensitive customer data that is stored on computers or transmitted electronically via websites and e-mail.

Nevada is the first of several U.S. states to adopt new laws mandating that businesses better protect their customers’ digital confidential information. As of October 1, 2008, Nevada law requires businesses in the state that engage in the electronic transmission of certain personal information — including names and credit card numbers — to encrypt such transmissions.

The law is affecting the way organizations do business, and presents unexpected hardships for many. Charity organizations, which often store vast amounts of confidential information — including client names and addresses, as well as donor credit card information — are among the hardest hit by the new mandate, forced to overhaul their data systems while still carrying out the vital work they do.

One such group affected by the law is the Foundation for Positively Kids (FPK), a non-profit organization dedicated to providing comprehensive care to medically dependent and terminally ill children in Las Vegas, Nevada.

“We are trying to take care of sick and dying kids — why do I have to worry about a new Nevada encryption law?” Fred Schultz, CEO and founder of FPK, asked rhetorically in a recent NonProfit Times article which reported on the new requirements for secure transmission of donor and client information.

According to Schultz, the difficulty lies not in encryption itself, but in setting up the necessary security systems to accommodate the new law.

“All personal items on families we serve is sent or received by e-mail or fax. This must now be encrypted,” Schultz said.

Organizations in Nevada are not the only ones affected by increased encryption measures. Massachusetts has recently enacted an even wider-encompassing data privacy and security measure than Nevada’s. The law, which takes effect on January 1, 2009, includes encryption of data stored on laptops and other portable devices.

With Nevada’s law in effect, and Massachusetts’ legislation ready to move forward, other states are expected to follow with similar measures. Michigan and Washington state are also considering such regulations. At the same time, companies based outside of these states may also need to take heed of the new regulations; since the laws apply to out of state companies that operate or have customers within the state’s limit, even specific state regulations have the potential to affect many.

“This may well be a telling example, indicating the type of legislative and accountability measures to come in the future. These types of encryption laws serve as a reminder of the importance of protecting personal information, and the steps that can be taken — by both consumers and businesses — to safeguard sensitive data. While encryption is not the only step that companies should be taking to protect private data, it is certainly a critical one,” said Jason King, Lavasoft CEO .

“While these laws may present initial compliance issues for some organizations, the mandates are sure to trigger more awareness of the need to adopt security measures to protect private data, which is, ultimately, a positive step for consumers,” King said.

Senior military leaders took the exceptional step of briefing President George W. Bush this week on a severe and widespread electronic attack on Defense Department computers that might have originated in Russia, posing unusual concern among commanders and potential implications for national security.

Defense officials would not describe the extent of damage inflicted on military networks. But they said the attack struck hard at networks within U.S. Central Command, the headquarters that oversees U.S. involvement in Iraq and Afghanistan, and affected computers in combat zones.The attack also penetrated at least one highly protected classified network.

Military computers are regularly beset by outside hackers, computer viruses and worms. But Defense officials said the most recent attack involves an intrusive piece of malicious software, or “malware,” apparently designed specifically to target military networks.

“This one was significant; this one got our attention,” said one Defense official, speaking on anonymity when discussing internal assessments.

Although officials are withholding many details, the attack underscores the increasing danger and potential significance of computer warfare, which defense experts say could one day be used by combatants to undermine even a militarily superior adversary.

Bush was briefed this week on the threat by Navy Adm. Michael G. Mullen, chairman of the Joint Chiefs of Staff. Mullen also briefed Defense Secretary Robert M. Gates.

Military electronics experts have not pinpointed the source or motive of the attack and could not say whether the destructive program was created by an individual hacker or whether it had Russian government sponsorship. Defense experts might never be able to answer such questions, officials said.

The Defense official said the military has also not learned whether the software’s designers might have been specifically targeting computers used by troops in Afghanistan and Iraq.

However, suspicions of Russian involvement come at an especially delicate time because of sagging relations between Washington and Moscow and growing tension over U.S. plans to develop a missile defense system in Eastern Europe. The two governments have also traded charges of regional meddling after U.S. support for democratic elections in former Soviet states and recent Russian overtures in Latin America.

U.S. officials have worried in recent years about the possibility of cyberattacks from other countries, especially those originating in China or Russia, whether sponsored by governments of those countries or launched by individual computer experts.
An electronic attack from Russia shut down government computers in Estonia last year. And officials believe that a series of electronic attacks were launched against Georgia at the same time as hostilities erupted between Moscow and Tbilisi last summer. Russia has denied official involvement in the Georgia attacks.

The first indication of a problem in the Pentagon’s computers came last week, when officials banned the use of external computer flash drives. However, officials at the time did not indicate the extent of the attack or the fact that it might have targeted Defense systems or posed national security concerns.

The invasive software, known as agent.btz, has circulated among nongovernmental U.S. computers for months. But only recently has it affected the Pentagon’s networks. It is not clear if the version responsible for the cyber intrusion of classified networks is the same as the one affecting other computer systems.

The malware is able to spread to any flash drive plugged into an infected computer. The risk of spreading the malware to other networks prompted the military to ban the flash drives.

Defense officials acknowledged that the worldwide ban on external drives was a drastic move. Such drives are used constantly in Iraq and Afghanistan, and many officers keep flash drives loaded with critical information on lanyards around their neck.

Banning their use made sharing information in the war theaters more difficult and reflected the severity of the cyber intrusion and the threat from agent.btz, a second official said.

Officials would not describe the exact threat from agent.btz, or say whether it can shut down computers or steal information. Some computer experts have reported that agent.btz can allow an attacker to take control of a computer remotely and to take files and other information from it.

Identity theft is an ever-increasing threat for all consumers — one that could damage your credit ratings and cost you thousands of dollars. And teenagers are among the most vulnerable.

Suzanne Boas, president, Consumer Credit Counseling Service, has seen the damage first-hand. “It is frightening to think what can happen to you when someone gets a hold of your identity,” she says.

Hailey Lowe, 18, has heard of one way thieves can steal identities. “I guess they could … get online – I’ve heard of people doing that – get online, take your identity and buy stuff,” she says.

And that’s just the beginning. Boas says, “If they’ve managed to get a hold of your Social Security number and take out credit card applications in your name, that may go on for months before you realize it and it may actually take you years to resolve the problem.”

The far-reaching effects of identity-theft create countless hurdles to overcome. “You may have difficulty getting a job where a credit report is required. You may have trouble renting an apartment. You may have trouble leasing a car. You may have all sorts of difficulties that you can’t even imagine now,” says Boas.

While everyone is at risk, why are teenagers being singled out? Boas says, “A teenager is a perfect target; just by virtue of their age, they’ve got an unblemished credit record to begin with.” That’s why, experts say, parents need to help kids protect themselves.

“Number one would be leave your Social Security card at home,” says Boas. “Secondly, make sure you protect your credit cards all the time, and your checkbook. Don’t take them when you’re going out partying.”

And third, remember that your identity can be stolen online. “So if you’re going to use a credit card on the Internet,” says Boas, “make sure that you’re going into a secure website.” Knowing the risks of theft is the first step in protecting your identity and your financial future. And Hailey Lowe is now more aware.

“I think I’ll try harder definitely, knowing that it’s a bigger risk than I thought before,” she says.

Tips for Parents

In recent years, identity theft has become a very serious threat, due in part to the Internet and the availability of online activities, such as banking, shopping, and gaming. Consider the following statistics:

* The average cost to an identity-theft victim is more than $1,000 to remedy damages. Sometimes it takes years to set things straight.

* Consumer groups estimate that as many as 750,000 people a year are victims of identity theft.

* Identity theft is the most popular form of consumer fraud, in part because it is the most profitable. Identity thieves stole nearly $100 million from financial institutions last year, or an average of $6,767 per victim.

One of the first question parents ask is, “How do thieves steal my information, or my child’s information?” According to the Identity Theft Resources Center, thieves work in a number of ways. They can:

* Go through your trash, looking for straight cut or un-shredded papers and records.

* Steal your mail, wallet or purse.

* Listen in on conversations you or your child have in public.

* Trick you or your child into giving them information over the telephone or by email.

* Buy the information via the Internet or from someone else who might have stolen it.

* Steal it from a loan or credit card application you or your child may have filled out, or from files at a hospital, bank, school or business that you deal with. Thieves may obtain these records from trash dumpsters outside of such companies.

* Get it from your computer, especially those without firewalls.

* Be someone you know – even a friend or relative — who has access to your information.

If you or your child becomes a victim of identity theft, experts at the Federal Trade Commission (FTC) offer the following suggestions:

* Contact the fraud department of any of the three major credit bureaus to place a fraud alert on your credit file. The fraud alert requests creditors to contact you before opening any new accounts or making any changes to your existing accounts. As soon as the credit bureau confirms your fraud alert, the other two credit bureaus will automatically be notified to also place fraud alerts. Each bureau will send you credit reports free of charge.

* Close any of your accounts that you suspect have been tampered with, as well as any new accounts that have been opened fraudulently. Use the ID Theft Affidavit when disputing new unauthorized accounts.

* File a police report, and get a copy of the report to submit to your creditors and others that may require proof of the crime.

* File your complaint with the FTC. The FTC maintains a database of identity theft cases used by law enforcement agencies for investigations. Filing a complaint also helps the FTC learn more about identity theft and the problems victims have.

Ongoing research to be published in the International Journal of Liability and Scientific Enquiry suggests that there is a huge amount of sensitive data still on redundant computer hard disks. These devices are often disposed of or sold into the second-hand market by corporations, organizations, and individuals with the data intact. The report’s authors say that this data represents a significant level of risk for commercial sabotage, identity theft, and even political compromise, and suggest that better education is essential to reduce the risk of harm.

It is not well known among computer users that simply deleting a file from the hard disk does not actually remove it from the computer but simply deletes its entry in the index for the hard drive. To remove all traces of a file requires the actual data to be wiped using “digital shredding” software. Such software is readily available and should be run as a high priority by individuals, companies and organizations intending to pass on their legacy computer hardware to third parties.

Andrew Jones, Head of Information Security Research, at British Telecommunications, in Martlesham Heath, UK, working with Glenn Dardick of Longwood University, in Farmville, Virginia, and colleagues Craig Valli, of Edith Cowan University, Western Australia, and Iain Sutherland of the University of Glamorgan, UK, have analyzed data that remained on a number of second hand hard disks that had been obtained on second-hand markets.

“The research revealed that a significant proportion of the disks that were examined still contained considerable amounts of information, much of which would have been of a sensitive nature to the organization or individual that had previously owned the disk,” the researchers explain.

The team adds that the percentage of disks that have been effectively wiped had fallen significantly, from 45% to 33%, since the previous year’s survey. “With only 33% of working second-hand disks having been effectively wiped, it is reasonable to comment that this is an area where there is significant potential for improvement,” they say.

They make several recommendations for improved data security – with regard to hard disks and other storage media, including memory cards, mobile phones, and other devices, and suggest that public awareness campaigns by Government, the media, commerce and/or academia ought to be run to help reduce the risk of sensitive data entering the information black-market.

The 2007 study is being made available in its entirety through the International Journal of Liability and Scientific Enquiry. The team is now completing the 2008 analysis and will announce those results shortly as well. However, the initial results for the 2008 study show that there is still a long way to go regarding the decommissioning of computer hard disk drives. The team expects that the complete 2008 study will be made available for publication by the end of the year.

Adapted from materials provided by Inderscience, via AlphaGalileo.