Researchers at the University of Hertfordshire performed a study examining secondhand hard disk drives and found they often contained data from their previous owners.
200 used drives were purchased from online marketplaces like eBay in the UK and US and their data analyzed to see which had been erased successfully or even had attempted to be erased. What the researchers uncovered wasn’t just that the erasure attempts were unsuccessful in cases, but that many simply had not been ‘wiped’ and contained an array of personal and private information left by previous owners. This topic comes up on Platter Chatter especially in the context of e-waste as these drives present both a physical problem and a digital one. The potential for confidential information to be exposed on discarded drives is a security threat. There is no shortage of interested ‘parties’ from the world of organized crime and identity thieves that would like to find treasures on them. The study put out by the Hertfordshire researches provides more evidence of data privacy threats and is a reminder of the importance of discarding digital media with discretion and secure erasure practices.
In the initial findings of the study it was found that that erasure efforts on secondhand drives varied in completeness highlighting the problem not that hard disks aren’t being erased but that it is being done improperly/insecurely. See the chart above showing a breakdown that reveals 26% of drives were formatted but data could still be recovered, 17% that were simply deleted and still could be recovered, and a further 16% that didn’t have any erasure attempts. Data does not go away when formatting a drive or deleting files (something we know a bit about at CBL Data Recovery). Recovering data before it has been securely erased is totally possible and makes information stored on discarded drives potentially available for use by criminals. While at least some attempts were being made to erase some of the drives, improper wiping and non-erasure is a problem that leads to private information being left open to possible misuse.
Researchers found all kinds of data available on the discarded drives ranging from photos to documents that were likely thought safely deleted. Examples included everything from payment records, bank statements and spreadsheets with names and details to intimate photos, scans of passports and photos/documents related to military personnel showing a broad selection of potentially data privacy threats.
The results with this set of purchased drives can be compared to a similar earlier study from 2007 and show an upward trend of data remaining available to potential threats.
While we focus on recovering lost data most of the time, preserving data privacy when old tech is being disposed of is a worthwhile endeavor. Using a specialized software tool to ‘wipe’ a drive using established standards you can securely erase data off a drive. This more intense and thorough manner makes sure the erasure is permanent. Since this general threat to you data is out there, CBL has a free app you can download to do this very job – CBL Data Shredder. The Hertfordshire study spread more awareness about the potential of information to be recoverable by parties for nefarious uses on secondhand drives and the lesson that we must discard with discretion to ensure that personal data is protected.
Category: data loss prevention