BBC finds UK banking data on recycled PCs

The exposure of sensitive data on old PCs sent to Nigeria offers a cautionary lesson

A BBC investigation has discovered details of online bank accounts on recycled PCs sent from the UK to Africa – highlighting the need for firms to ensure hard drives are wiped before they dispose of old IT equipment.

The investigation, which was screened on the BBC's Real Story programme on Monday (14 August), found bank account details belonging to thousands of Britons were being sold in West Africa for less than £20 each after the data was recovered from hard drives found in PC's sent to the region from the UK. Reporters found that many of the PCs for sale in the Nigerian capital Lagos came from UK council recycling points and while it is thought that the bulk of the data compromised was from personal PCs it is possible corporate PCs were also affected.

Jon Godfrey, chairman of IT asset disposal specialist Life Cycle Services, said the discovery was a reminder to firms that they should work with certified IT disposal firms and should audit their partners to ensure they follow best practices for wiping corporate data from end-of-life machines.

"Some less scrupulous waste disposal companies aren't going to the time and expense of wiping data so IT directors need to use a reputable organisation that can prove, audit and certify that data is wiped," Godfrey said. "Preferably you want to go with a company that will offer a guarantee that all will be destroyed, as when you are disposing potentially sensitive data one mistake is too many – we offer a £2m guarantee that we destroy all the data."

Godfrey added that IT directors should follow the latest UK government approved Infosec standard for data erasure rather than the older and less robust US Department of Defense standards.

The news again throws the spotlight on the practice of shipping used IT assets to the developing world, which has also faced criticism from green lobbyists for shifting the environmental problems posed by hazardous IT components onto countries without the infrastructure to dispose of them safely.

However, David Sogan chief executive of IT charity Digital Links International, insisted the latest revelations should not put firms off donating PCs to be used in developing countries. "There is a great second use for computers in the developing world," he said. "But if you are going to do it you need to go through a responsible channel and use accredited partners for collection and data sanitisation."

The news follows the release last week of new research from Glamorgan University that found failure to correctly wipe data from hard drives is a widespread problem in developed economies. The research, which was backed by Life Cycle Services and BT, looked at 317 second hand hard drives from the UK, North America, Germany and Australia and found that while 41 percent were unreadable, 20 percent contained information that could identify individuals and five percent held commercial data.