Perp copied personal info for about five years

Nov 13, 2014 14:18 GMT  ·  By

Taking a computer in for repairs can result in exposing private information about the owner, as cases where repairmen harvest such data are not rare. An individual in Connecticut facing such an accusation pleaded guilty before a federal court in Hartford.

Identified as Larry Mathews, 34, of Pawcatuck, the individual stands accused of “computer intrusion in furtherance of a tortious invasion of privacy;” translated into plain English, this means that he was copying personal data from machines he was servicing (these included both computer systems and other electronic devices). This happened on more than 250 occasions.

“Friend” ratted him out to the police

The ransacking took place in 2008, when Mathews had a computer repair business and was also engaged as a civilian contractor for the US Coast Guard, working as a computer technician, the court records say.

According to News8, the details copied by Mathews included names and passwords, as well as private multimedia content, some of it explicit in nature, recorded by the owners of the computers.

Had he not shared the stolen data with a third party, the perpetrator would have never been caught. He was reported to the police in 2013.

Info on attempts to monetize the data is not available

Considering that credentials were involved, these could have been put up for sale on underground forums, or he could have taken advantage of them himself through money extortion schemes.

However, it is unclear if the culprit tried to monetize the stolen data or if he broke into the online accounts.

Mathews waived his right for indictment and pleaded guilty. He is scheduled to receive his sentence on February 4, 2015, facing five years of jail time at most and a fine of up to $250,000 / €200,000. It is unlikely that he will receive the maximum punishment though, especially if no financial gains have been proven as a result of his actions.

Encryption is better than deleting the files

Users should know that even if the device is broken, most of the times the data stored on it is not damaged and can be extracted without any trouble.

To eliminate any risk of personal information falling into the wrong hands, it is recommended to remove the storage device from the gadget before taking it to repairs or selling it.

If this cannot be done, creating a backup and encrypting the data should be considered; if the repairs require overwriting the files, the backup can be restored.

Wiping the storage unit has proven not to be a good way to maintain privacy because the files can still be recovered with the use of special software that is publicly available and free. As such, if encryption is applied, even if the data is recovered, it would still be protected.