Sensitive info lives on in old computers


Monday, January 28th 2008, 4:00 AM

Yet another consequence of the falling housing market may be a rise in identity theft.

As mortgage companies are forced out of business, many are selling off their computers without properly deleting the sensitive financial information stored on their hard drives. The result is that borrowers' credit reports may fall into the hands of hackers, according to computer security experts.

"It's extremely unlikely they are wiping those disks properly," said Matthew Curtin, founder of Interhack, a security consulting firm in Columbus, Ohio.

Even deleted files are often easy to reconstruct. Curtin said his firm routinely recovers financial and medical records from second-hand computers.

Gregory Evans, a cyber-security expert in Marina Del Ray, Calif., said he went to a swap meet late last year and bought a $500 computer from a former mortgage company. With a $19 undelete program, he was able to retrieve credit reports on 300 people.

He was also able to recover the user names and passwords that several of the mortgage company's former employees used to access the credit bureaus.

The best strategy for borrowers hoping to protect their personal information is to take security into their own hands. Borrowers should ask their mortgage broker how their financial information will be handled before they take a loan.

In the financial sector, security experts view small- and medium-sized firms as the weakest links.

Unlike large institutions, smaller firms don't have the money to protect their data properly, said Chris Miller of Digitiliti, a data protection company in Minneapolis. "If they're failing, the last thing they're worried about is tight security," Miller said.