Identity Theft and the CPA Part 1: Hard Drive Wiping

[This is the first in a series of posts on Information Security issues – As I have time (and feel led), I’m planning to post on topics related to identity theft and information security, an essential subject for today’s CPA]

It seems to happen every day – we learn that 3 million of our friends and neighbors have had someone release their private information to the entire free world.  While our profession has discussed this issue for a while, I think we could all use a refresher.

Let’s go back to those halcyon days of May – back when we had the whole summer ahead of us, and busy season was close in the rear view mirror.  Many of us received a letter informing us that our data could have been released to unauthorized individuals (and you know what organization I’m speaking of here, so I’m not going to name it).  As part of that letter, we were informed that the organization would pay for us to subscribe to a credit monitoring program – at their expense.

I think most of the facts on this incident have been discussed in the trade press, but I don’t think any of us realize what a non-issue this instance was in our daily lives.  Here’s what happened:

  • An unencrypted hard drive containing names, addresses and Social Security numbers of AICPA members was lost when it was shipped back to the organization by a computer repair company.

This would be a non-event to many CPA practices, as many would just write it off as a lost Fed Ex package.  Many may not be aware of the need to “wipe”, or in layman’s terms, remove all of your data from a hard drive before you get rid of a PC.  This is taken so seriously by the folks at the NNSA facilities in Oak Ridge that their IT people “wipe” the data off of drives to military standards, and then the security personnel use the old drives for target practice.  Some are even destroyed in an incinerator, and returned to their bare metal state.

So let’s all be careful out there.  Use a wiping utility when getting rid of your old PC’s.  One example is a FREE app called “Eraser” from (  This program lets you delete files securely up to DOD standards.  Try it – you’ll sleep better.

When donating old PC’s, I recommend to my clients that they wipe the hard drive, install the OS again, and then donate the PC in “ready to use” condition.  It takes a few minutes, and you’ll sleep better.