A buyer on the lookout for a new laptop got more than he bargained for at his local computer fair when the 'new' device came loaded with over 10GB of personal documents - including divorce papers and tax returns.
Hidayat Sudirman, a 25 year old civil servant from Singapore, bought a 14-inch Asus laptop from a stand at his local IT fair on the understanding that it was a brand-new device. When he got it home, however, it appeared not to be the case.
The China Post reports that Sudirman found around 10GB of somebody else's personal documents on the laptop, including such private information as completed tax return forms and divorce papers - a boon for anyone thinking of committing a little identity theft on the side.
Thankfully, Sudirman isn't a criminal type. Rather than exploiting the data for his own ends, he returned the laptop to the retailer, Newstead Technologies, who issued a refund and claimed that there had been a 'mix-up' resulting in a customer's laptop - returned to the company for repair - accidentally being included with a batch of new systems destined for sale at the fair.
Asus is, naturally, concerned, and despite being blameless in the above scenario has taken the steps of warning its resellers in the area to take more care when selling its products.
The case highlights the need for users to protect their private documents. While most modern operating systems include integrated encryption technologies - such as Microsoft's BitLocker, included in most modern versions of Windows - there are also freely available packages that can protect against this kind of information disclosure.
Software like TrueCrypt, an open-source encryption suite that is available completely free of charge for Windows, Mac OS X, and Linux, allows a heavily armoured area of the hard drive to be created specifically for storing private documents. If the unlucky Newstead customer had been using such software, his private documents would have remained so no matter where the laptop ended up.
It's also important to ensure that data is scrubbed from a hard drive before a PC or laptop is sold on. Even when a drive has been wiped and restored to factory defaults, data can still be recoverable - but tools like Darik's Boot and Nuke can ensure that even the most driven of attackers will have a hard time recovering files.
Sadly, Darik can't help when it comes to solid-state storage devices. Owing to the use of wear levelling and other lifespan-increasing technologies, a study recently concluded that it's almost impossible to securely delete files from an SSD. The use of encryption packages like TrueCrypt, however, can render the problem moot by ensuring that the unencrypted files are never written to the drive in the first place.
If the above sounds like a bit of a hassle, it is - but it's a lot easier than trying to recover from identity theft following the disclosure of documents you considered to be private.