Two-thirds of 50 USB sticks found on Australian public transport were infected with malware and contained unencrypted information about their former owners, a study by IT security and data protection company Sophos revealed.
Sophos’ Australian office purchased a job-lot of found USB sticks from a lost property auction run by RailCorp, a major transit authority in Sydney.
The study also revealed none of the USB sticks contained encrypted information to protect information such as tax documents, school and university assignments, AutoCAD drawings of work projects, photo albums of family and friends, and software and web source code.
"It seems that commuters Down Under are not only losing their USB sticks, and oblivious to the fact that they were carrying malware around in their pockets, but are also at risk of losing their identity and personal information through sloppy security," said Graham Cluley, senior technology consultant at Sophos.
"Although this study was done in Sydney, Australia, there’s no reason to believe that we wouldn’t see a similar story on London’s Underground or the New York subway. Folks need to wake up to the threats, and take appropriate preventative steps."
Sophos advises computer users to encrypt all personal and business data before storing it on USB sticks so it cannot be accessed if the devices are lost. This should be in addition to running an up-to-date anti-virus check, whether the user is on a PC or a Mac.
Some of the USB sticks in the study were lost by Mac users – Macs reportedly being more secure against viruses – yet those USB sticks still contained PC malware.