A recent Malwarebytes blog post queries just how safe your personal data is when you leave your computer in the hands of a repair shop. To be honest, it’s not something I’ve ever considered because I’ve always performed my own repairs, but it does bring up an interesting question.
A recent study by researchers at the University of Guelph in North America has uncovered a number of rather disturbing findings. In summary, the study confirmed that “electronics repair services lack effective privacy protocols and that technicians often snoop on customers’ data” ~ (source).
- Repair personnel were asked to perform a battery replacement for Asus UX330U laptops running Microsoft Windows 10 – a fix that should not require login credentials or operating system access. Yet, all but one of the firms asked for login credentials
- Only three national and three regional repair services provided any sort of terms and conditions for the customer to sign and, worse still, all these consisted of was a disclaimer denying liability for any data loss
Repair Services Snooping?
Taking the study a step further, researchers then provided the repair shops with rigged Windows laptops specifically loaded with dummy data to secretly log how repair staff treated their customers’ data. Once again, the findings were far from encouraging:
- Six of sixteen technicians snooped on customers’ data, and two of sixteen copied customers’ data to external devices. One technician did so in a way to avoid generating evidence, while three others took steps to conceal their activities
- The most prominent snooping by repair technicians was hunting through the customer’s photos, searching through the customer’s browsing history, and, in one case, going through financial data
- When queried on the safety of customers’ data, none of the businesses had any plan or protocol in place to prevent this type of snooping from happening and all responses came down to variations of “Trust me, we won’t do it”.
These are some alarming findings, and it’s patently obvious that legislation is required to enforce privacy protocols on these businesses in order to protect customers’ data.
- Read the Malwarebytes blog post in full: Repair firms might be rifling through your personal data
- Read The Register’s article covering the study: Commercial repair shops caught snooping on customer data
Steps You Can Take To Protect Your Data
If you do need to take your PC to a repair shop and are concerned about the privacy of your personal data at all, these are a few steps you can take beforehand to mitigate the risks:
- Copy all personal data over to an external device, then delete that data from the PC and clean out the system with something like PrivaZer, which is not only an effective cleanup tool but also a top-notch privacy tool
- Alternatively, encrypt or password-protect your data. If using password protection, make sure that the password is not recorded anywhere in the system
- Sign out of any accounts, apps, and anything requiring a log-in
Do you trust the repair service you use? Or maybe the findings of this study will have you second-guessing? Let us know in the comments.
6 thoughts on “Is Your Data Safe With A PC Repair Shop?”
All these precautions are great with a huge exception. What if you get taken by surprise by a machine that won’t boot? Hopefully you have a disk image or at least a good backup. Take out the hard drive before you go? Assuming you know how to do that … IMO, the best option may be to make friends with a competent geek before you need said person, then reward them generously, be that with cash, single malt or whatever!
> Hopefully you have a disk image or at least a good backup.
“Hopefully” being the operative word. I do wish more people would create image backups, saves a lot of grief.
> the best option may be to make friends with a competent geek before you need said person, then reward them generously, be that with cash, single malt or whatever!
Sounds good to me GG.
As someone who works in a small repair shop, I’m looking at this with a frown. Before I do anything to a PC I make a backup of all the customer’s data in case anything goes wrong. Most of our customers don’t do any back-up, even if they say they have. I’m not going to risk their pictures, documents, etc. I don’t care about their browser history or passwords. I’m in there to back stuff up. Maybe it looks like I’m snooping, but I honestly don’t care about any of their stuff. After I’m done working on the computer, I put everything back and delete my copy.
Small tech repair techs don’t care what’s on your computer beyond an angry customer calling with “Where are all my bookmarks to the games on Pogo?” I think this is little more than a customer fantasy of how interesting they are to the outside world. A friend is far more likely to be interested in your personal life. A tech who doesn’t know you is more likely to give the response “Trust me, we don’t care.”
(Unless you abandon a laptop in the repair shop which is what this is really about.)
I agree Joy. I am a PC repairer myself, as are several of our authors, and I would never dream of violating my clients’ privacy. I believe the study mainly centered on larger repair shops with multiple employees.
I suppose the issue might be that these businesses aren’t stating what they do.
A lot of people may seem concerned if they hear that their personal data is backed up without knowing the reason, so it’s probably a good idea to make processes clear.
Joy and Jim, there is no comparison between trustworthy individuals like you and potential password pirates working at big box repair places. Apples and oranges. We had a friend like y’all in Pittsburgh who built half a dozen custom computers for us through the years and kept them running. He retired and we moved away. I wish we could find his equivalent in Austin!