Your Hard Drive and Identity Theft

Your Hard Drive and Identity Theft

Your hard drive is a priceless treasure trove full of all sorts of private data that you might not even be aware of. However, identity thieves are awa

Keeping Your Business Data Secure With Secure Cloud Server Security
The 5 most recommended learning aids for cyber-security learners
10 accreditations to improve your career in the security industry

Your hard drive is a priceless treasure trove full of all sorts of private data that you might not even be aware of. However, identity thieves are aware, and they want that data. The question is – are you going to make it easy for them to steal the data they need from your hard drive, or are you going to make it impossible?

A Kessler International study recently revealed that out of a hundred second-hand hard drives bought on eBay, forty of them still had recoverable personal data and other valuable information on them. This information included financial information, photos, emails, corporate documents, web browser history, and even DNS server information. All this data can be put to good use by identity thieves against you and the potential damage is worse than you can imagine.

Value of Your identity

If someone asked you what is most valuable to you now, you would might mention your car, your phone, or something equally material. Worldly possessions are important, but none can trump the value of your identity. This is something you probably won’t realise unless you’ve ever had your identity stolen. If your identity is stolen, everything that rightfully belongs to you will be at the mercy of criminals. Criminals who are more than happy to take everything from you.

To avoid this, you need to ask yourself how you can protect your identity and its value. There are a variety of ways a fraudster can acquire your personal data and thus your identity. Truth be told, you have very little control over some of the ways your personal data may leaked. However, there are ways that you can help secure yourself by eliminating individual data leaks.

You open a pathway for identity thieves every time you incorrectly use or store your personal information, be it intentionally or accidentally. For example, broadcasting your name, credit card numbers, Social Security number, or other financial account information online, or entering this information on unsafe websites.

Every time you compromise your personal information without realising, there is a good chance that an identity thief will get hold of it, potentially for malicious use.

The typical identity thief can get a hold of your information through any of the following ways:

  1. Dumpster Diving. These criminals are committed and will take the time to search through your garbage to find the information they need from bills, receipts, or correspondence you’ve thrown out.
  2. Old-Fashioned Stealing. These steal your mail, wallet, and so on with the aim of getting your bank and credit card statements, or other sensitive documents.
  3. Changing Your Address. These complete a change of address form without your knowledge so that your bank statements and other important documents will be sent to an address of their choosing.
  4. Skimming. This category is a bit more advanced as they use special storage devices to steal credit/debit card numbers while you are using your card.
  5. Phishing. These send you emails or other messages embedded with spam. The point of the message is to get you to use or reveal your personal information.
  6. Pretexting. These con-artists go into a bank, phone company, or other source and use false pretences to obtain your personal information.

You need to be aware of these approaches that identity thieves use so that you can properly safeguard yourself and your personal information.

Hard drive as security breach

“As earlier indicated, your hard drive is a goldmine of sensitive information that you certainly don’t want identity thieves getting their hands on. So, if you are throwing out, giving away, or selling your hard drive, it is wise to first completely purge it of all data and to ensure the data is irrecoverable.” adds professional data recovery engineer from Advanced Data Recovery.

Simson Garfinkel carried out a recent study which indicated that a significant number of hard drives sold on eBay still contained confidential and/or sensitive data. Of the 236 hard drives he purchased, one of them turned out to have been from an old ATM – it contained more than 800 unique PIN numbers. Another drive turned out to once belong to a medical centre and it contained more than 31,000 unique credit card numbers.

This just goes to show you how sensitive the contents of your hard drive are, and the importance of going the extra mile to ensure the data it holds doesn’t end up in the wrong hands.

Is the hard drive with the 800 pin numbers in the above study a GDPR breach? Could the company be sued under the new EU GDPR? Companies need to start thinking not just about how data is stored, but how it is disposed of too.

Before getting rid of your old computer or hard drive, ensure data recovery is made impossible. If you think simply deleting files and emptying your Recycle Bin is enough, you are wrong and could find yourself in trouble over GDPR! With the right software, much of a deleted file can be recovered from a hard drive.

Data isn’t truly gone from a hard drive until it is overwritten with new information. As long as a computer’s operating system has not re-used the space where a file was deleted from, the deleted file will remain recoverable.

Having your hard drive formatted is slightly more secure than simply deleting the files, but it is still not good enough. This is because formatting doesn’t erase data. Formatting only erases the address tables which makes it difficult to locate, and therefore recover files. An expert with the right tools can still retrieve much of the data that was on the disk prior to the reformat.

The best option to clean your hard drive without destroying it would be to wipe and overwrite the disk. This can be accomplished with the help of a secure erase program such as MediaTools Wipe. Such a program will write over old data on the hard drive physically and repeatedly to ensure deleted space is reused and deleted files are irrecoverable. But, keep in mind that this process can take hours to properly complete.

100% effective way of destroying an old hard drive

Wiping and overwriting the hard drive is effective but takes time. If you lack the patience, a 100% effective way to protect your data on an old hard drive, and ensure it can never be recovered, is to destroy the hard drive.

This will require that you take the hard drive out of the computer and rub a strong magnet over it. If you don’t have a magnet, simply grab a hammer and smash the hard drive to oblivion. During the destruction, be sure to pay special attention to the platter disk surface and the ports that connect the drive to a computer.

Keep in mind that physically destroying the hard drive is only a viable option if you intend to never use the hard drive again. If you do want to use or sell the hard drive, stick with the memory wipe and overwrite method.