Look What I Found on Your Discarded Hard Drive!
It didn’t receive a lot of play in the global news media, but some new research conducted by the University of Glamorgan in the UK, Longwood University in the U.S. and Edith Cowan University in Australia, found that hard drives sold on online auctions often contain significant traces of personal information.
In fact, 37% of 350 retired hard drives purchased online by the universities and examined using common forensics tools contained traces of personal data. Presumably, these hard disks were sanitized by their original owners before going on the auction block. Yet, there were enough data remnants still present to point the finger at some previous users.
Specifically, on a batch of 133 disks bought in the UK and studied by researchers at the University of Glamorgan, some startling revelations came to light.
• 65% contained enough data to identify people by name
• 19% had sufficient information to identify the original organization that owned the hard drive
• 17% contained "illicit" data
The types of sensitive information retrieved on these retired hard drives included financial data of specific companies, credit card numbers, medical data, salary details, visa applications, details of online purchases and even evidence of online pornography.
What is sad is that these new research results are similar to the findings in similar surveys conducted by the universities during the past two years. As industry experts analyzing the data suggest, this pretty much means that a lot of corporations and businesses either are ignoring a major data security issue or lack the tools to adequately wipe data before selling used computer equipment.
Needless to say, leaving corporate, financial and personal data on a hard drive and then selling it can have dire consequences on the data security and privacy fronts. The last thing any corporation wants is for some stranger to say, “Look what I found on your discarded hard drive!”
Comments