[ISN] Sensitive info lives on in old computers

From: InfoSec News (alerts@private)
Date: Mon Jan 28 2008 - 22:29:08 PST


http://www.nydailynews.com/money/2008/01/28/2008-01-28_sensitive_info_lives_on_in_old_computers.html

By Caren Chesler
New York Daily News
January 28th 2008

Yet another consequence of the falling housing market may be a rise in 
identity theft.

As mortgage companies are forced out of business, many are selling off 
their computers without properly deleting the sensitive financial 
information stored on their hard drives. The result is that borrowers' 
credit reports may fall into the hands of hackers, according to computer 
security experts.

"It's extremely unlikely they are wiping those disks properly," said 
Matthew Curtin, founder of Interhack, a security consulting firm in 
Columbus, Ohio.

Even deleted files are often easy to reconstruct. Curtin said his firm 
routinely recovers financial and medical records from second-hand 
computers.

Gregory Evans, a cyber-security expert in Marina Del Ray, Calif., said 
he went to a swap meet late last year and bought a $500 computer from a 
former mortgage company. With a $19 undelete program, he was able to 
retrieve credit reports on 300 people.

He was also able to recover the user names and passwords that several of 
the mortgage company's former employees used to access the credit 
bureaus.

The best strategy for borrowers hoping to protect their personal 
information is to take security into their own hands. Borrowers should 
ask their mortgage broker how their financial information will be 
handled before they take a loan.

In the financial sector, security experts view small- and medium-sized 
firms as the weakest links.

Unlike large institutions, smaller firms don't have the money to protect 
their data properly, said Chris Miller of Digitiliti, a data protection 
company in Minneapolis. "If they're failing, the last thing they're 
worried about is tight security," Miller said.


___________________________________________________      
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn 



This archive was generated by hypermail 2.1.3 : Mon Jan 28 2008 - 22:41:46 PST