[ISN] UK bank details sold in Nigeria

From: InfoSec News (alerts@private)
Date: Tue Aug 15 2006 - 01:38:11 PDT


http://news.bbc.co.uk/2/hi/business/4790293.stm

14 August 2006

Bank account details belonging to thousands of Britons are being sold
in West Africa for less than £20 each, the BBC's Real Story programme
has found.

It discovered that fraudsters in Nigeria were able to find internet
banking data stored on recycled PCs sent from the UK to Africa.

The information can be found on a PC's hard disk, which is easy to
access if the drive is not wiped before sending.

Anti-fraud expert Owen Roberts said simply deleting files was not
enough.

Users should instead use a programme to wipe their hard drive before
they sell or give away their PC, a process which over-writes what is
already contained on the drive.

Alternatively, people should remove their hard drives before they give
away their computers, he said.


'Surprisingly easy'

"It is surprising how easy it is to obtain documents people leave on
their computers," said Mr Roberts, who is head of identity fraud at
CPP Group.

Real Story found that second-hand computers from all over the
developed world could be found in virtually every PC market in
Nigeria's commercial capital of Lagos.

It said that while there was a genuine market for second-hand PCs in
West Africa, identity fraud was a real problem.

Many of the PCs it found on sale in Lagos had come from UK council
recycling points.

People are still being urged to give away their old PCs, but only
after they have wiped the hard drive - not just to remove any bank
details but also other personal information such as home addresses.

The Information Commissioner's Office, the UK government's regulatory
office dealing with data protection, said companies had a legal
requirement to delete people's personal information from their
computers when it was no longer needed.

"It is essential that companies have appropriate procedures in place
to ensure that personal records on computer hard drives are rendered
unrecoverable when they dispose of computer equipment," said Assistant
Commissioner Phil Jones.

"Under the Data Protection Act companies have a duty to store personal
information securely and delete it when it is no longer required."

Real Story's investigation into the risk of identity theft from old
PCs is broadcast on BBC 1 at 19:30 on Monday, 14 August.



_________________________________
Visit the InfoSec News store!
http://www.shopinfosecnews.org



This archive was generated by hypermail 2.1.3 : Tue Aug 15 2006 - 01:43:26 PDT