Despite recent high-profile data breaches and heightened awareness of the need to delete data prior to selling a PC, many second-hand computers contain highly sensitive personal information.

IT consultancy Navigant Consulting purchased three second-hand computers last week and was able to determine that one of the computers still contained sensitive personal information on its hard drive.

Andrew Durant, head of Navigant's fraud investigation team, said: "The seller believed that all information had been deleted when the hard drive was reformatted and a new operating system was installed, but that is simply not good enough.

"Many individuals, companies and other organisations still do not understand the precautions they need to take when selling their used PCs in order to protect personal information."

Based on an analysis of the computers, Navigant fraud investigators discovered information from a community college on the second-hand computer.

Data included student names, addresses and photos, staff budgets and payroll schedules including names and salary details, bank account standing data payments and receipts, and a letter including full bank account details.

"This level of information potentially put students, staff, suppliers and the college as a whole at risk from fraud," said Durant.

"The message is simple: if you can't securely delete your data, don't sell your computer. It is possible to download software from the internet to securely wipe data, or better still, take it to a reputable reseller and ask them to do it for you."

Durant suggested that it is far better to destroy the hard drive and replace it with a new one, but warned that the drive still needs to be securely destroyed.

"Even disposing of used hard drives at an approved local council site is not completely safe as drives have resurfaced in places such as Nigeria. The data recovered has been used in frauds," he added.